x509-cert: local zlint failures #1392

tarcieri · 2024-04-29T15:20:11Z

I tried running the x509-cert test suite on my mac using zlint installed from Homebrew and I'm encountering the following:

$ zlint --version
ZLint version 3.6.2
$ cargo test --all-features
Running tests/builder.rs (target/debug/deps/builder-840b0a8c8c8ecac9)

running 9 tests
test dynamic_signer ... ok
Certificate request self-signature verify OK
Certificate request self-signature verify OK
test certificate_request_attributes ... ok
test certificate_request ... ok
test async_builder ... ok
test root_ca_certificate_ecdsa ... ok
test root_ca_certificate ... ok
test sub_ca_certificate ... ok
test pss_certificate ... FAILED
test leaf_certificate ... FAILED

failures:

---- pss_certificate stdout ----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: rsassaPss
        Hash Algorithm: sha256
        Mask Algorithm: mgf1 with sha256
         Salt Length: 0x20
        Trailer Field: 0x01 (default)
        Issuer: C = US, O = World domination Inc, CN = World domination corporation
        Validity
            Not Before: Apr 29 13:53:09 2024 GMT
            Not After : Apr 29 13:53:14 2024 GMT
        Subject: CN = service.domination.world
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:c4:2c:51:5f:10:a6:aa:f2:82:c6:3e:db:e2:
                    42:43:a1:70:f3:fa:26:33:bd:48:33:63:7f:47:ca:
                    4f:6f:36:e0:3a:5d:29:ef:c3:19:1a:c8:0f:39:0d:
                    87:4b:39:e3:0f:41:4f:ce:c1:fc:a0:ed:81:e5:47:
                    ed:c2:cd:38:2c:76:f6:1c:90:18:97:3d:b9:fa:53:
                    79:72:a7:c7:01:f6:b7:7e:09:82:df:c1:5f:c0:19:
                    27:ee:5e:7c:d9:4b:4f:59:9f:f0:70:13:a7:c8:28:
                    1b:df:22:dc:bc:9a:d7:ca:bb:7c:43:11:c9:82:f5:
                    8e:db:72:13:ad:45:58:b3:32:26:6d:74:3a:ed:81:
                    92:d1:88:4c:ad:b8:b1:47:39:a8:da:da:66:dc:97:
                    08:06:d9:c7:ac:45:0c:b1:3d:0d:7c:57:5f:b1:98:
                    53:4f:c6:1b:c4:1b:c0:f0:57:4e:0e:01:30:c7:bb:
                    bf:bd:fd:c9:f6:a6:e2:e3:e2:af:f1:cb:ea:c8:9b:
                    a5:78:84:52:8d:55:cf:b0:83:27:a1:e8:c8:9f:4e:
                    00:3c:f2:88:8e:93:32:41:d9:d6:95:bc:bb:ac:dc:
                    90:b4:4e:3e:09:5f:a3:70:58:ea:25:b1:3f:5e:29:
                    5c:be:ac:6d:e8:38:ab:8c:50:af:61:e2:98:97:5b:
                    87:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:85:97:8E:50:5F:C1:43:0F:2D:B5:A6:73:77:45:34:C8:1F:BC:44
            X509v3 Authority Key Identifier:
                73:85:97:8E:50:5F:C1:43:0F:2D:B5:A6:73:77:45:34:C8:1F:BC:44
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
    Signature Algorithm: rsassaPss
    Signature Value:
        Hash Algorithm: sha256
        Mask Algorithm: mgf1 with sha256
         Salt Length: 0x20
        Trailer Field: 0x01 (default)
        14:db:e6:50:20:50:0a:15:ab:6a:48:e3:13:82:a0:38:0a:41:
        58:54:fa:96:8c:4a:a4:f7:a4:98:70:68:98:a9:d7:50:e6:06:
        70:64:ee:2c:d1:48:5e:d9:3e:15:7c:aa:70:ff:4e:1b:f0:ed:
        74:8c:ac:cf:23:b5:0f:45:df:62:75:40:cb:9f:c3:f8:3c:8e:
        5a:a3:f3:c1:02:32:84:2d:85:16:7e:6c:98:e9:19:51:53:21:
        17:a7:56:b0:a6:e6:95:50:df:aa:3c:27:77:59:40:be:c5:69:
        d4:a9:b2:2a:f9:ec:f6:2d:67:63:62:f1:bf:6a:50:e2:99:14:
        c2:af:90:26:cf:1d:8f:44:e6:89:96:fa:35:12:bf:c2:ae:13:
        3b:4a:16:be:2a:68:59:51:c1:5d:57:c6:fa:fe:d0:5d:f1:df:
        52:b9:d3:34:d8:9b:59:9c:3a:ce:de:ba:9f:c1:0b:eb:f3:05:
        f2:66:bf:de:d1:71:36:eb:b6:62:9b:b8:fa:30:f8:29:fe:b7:
        c5:49:48:e8:7b:04:2b:99:47:84:b1:ac:39:07:7d:fe:b3:13:
        9c:63:d1:41:d1:5f:70:cb:87:6a:4b:fc:45:f0:1e:b6:4a:bd:
        8b:11:85:20:b6:5c:83:98:10:e9:0d:82:c8:09:dc:83:95:e1:
        95:4e:2d:16

failed lints: {"w_ext_subject_key_identifier_not_recommended_subscriber": LintStatus { status: Warn, details: None }}
thread 'pss_certificate' panicked at x509-cert/test-support/src/zlint.rs:180:5:
assertion failed: output.check_lints(ignored)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- leaf_certificate stdout ----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, O = World domination Inc, CN = World domination corporation
        Validity
            Not Before: Apr 29 13:53:09 2024 GMT
            Not After : Apr 29 13:53:14 2024 GMT
        Subject: CN = service.domination.world
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:c4:2c:51:5f:10:a6:aa:f2:82:c6:3e:db:e2:
                    42:43:a1:70:f3:fa:26:33:bd:48:33:63:7f:47:ca:
                    4f:6f:36:e0:3a:5d:29:ef:c3:19:1a:c8:0f:39:0d:
                    87:4b:39:e3:0f:41:4f:ce:c1:fc:a0:ed:81:e5:47:
                    ed:c2:cd:38:2c:76:f6:1c:90:18:97:3d:b9:fa:53:
                    79:72:a7:c7:01:f6:b7:7e:09:82:df:c1:5f:c0:19:
                    27:ee:5e:7c:d9:4b:4f:59:9f:f0:70:13:a7:c8:28:
                    1b:df:22:dc:bc:9a:d7:ca:bb:7c:43:11:c9:82:f5:
                    8e:db:72:13:ad:45:58:b3:32:26:6d:74:3a:ed:81:
                    92:d1:88:4c:ad:b8:b1:47:39:a8:da:da:66:dc:97:
                    08:06:d9:c7:ac:45:0c:b1:3d:0d:7c:57:5f:b1:98:
                    53:4f:c6:1b:c4:1b:c0:f0:57:4e:0e:01:30:c7:bb:
                    bf:bd:fd:c9:f6:a6:e2:e3:e2:af:f1:cb:ea:c8:9b:
                    a5:78:84:52:8d:55:cf:b0:83:27:a1:e8:c8:9f:4e:
                    00:3c:f2:88:8e:93:32:41:d9:d6:95:bc:bb:ac:dc:
                    90:b4:4e:3e:09:5f:a3:70:58:ea:25:b1:3f:5e:29:
                    5c:be:ac:6d:e8:38:ab:8c:50:af:61:e2:98:97:5b:
                    87:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:85:97:8E:50:5F:C1:43:0F:2D:B5:A6:73:77:45:34:C8:1F:BC:44
            X509v3 Authority Key Identifier:
                8D:07:D8:4F:5A:4E:48:6A:09:61:F8:F8:80:25:81:61:5B:30:97:80
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:44:02:20:3e:15:e2:f7:b8:b0:fc:e0:48:31:23:92:40:2b:
        56:e1:77:78:cf:26:ed:15:44:45:97:dc:90:59:1b:fc:2c:81:
        02:20:73:81:31:e9:81:1a:00:3d:12:3e:01:06:7b:73:0f:a3:
        d9:d0:ff:21:30:37:d5:d2:53:6c:ba:ad:6b:5f:b8:09

failed lints: {"w_ext_subject_key_identifier_not_recommended_subscriber": LintStatus { status: Warn, details: None }}
thread 'leaf_certificate' panicked at x509-cert/test-support/src/zlint.rs:180:5:
assertion failed: output.check_lints(ignored)


failures:
    leaf_certificate
    pss_certificate

test result: FAILED. 7 passed; 2 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.12s

The text was updated successfully, but these errors were encountered:

baloo · 2024-04-30T22:20:35Z

This should be fixed by #1306

tarcieri assigned baloo Apr 29, 2024

baloo mentioned this issue Apr 30, 2024

x509-cert: rework certificate builder profiles #1306

Merged

baloo closed this as completed in #1306 May 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x509-cert: local zlint failures #1392

x509-cert: local zlint failures #1392

tarcieri commented Apr 29, 2024

baloo commented Apr 30, 2024

x509-cert: local zlint failures #1392

x509-cert: local zlint failures #1392

Comments

tarcieri commented Apr 29, 2024

baloo commented Apr 30, 2024