You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pkilint is a newish linter which has a acquired a reputation of catching things that zlint doesn't. It is written in python, and very slow, so we don't want to run it during our actual pre-issuance lints if we can possibly avoid it. Instead, let's run it during our integration tests, to ensure that the certificates and CRLs produced by Boulder pass all of the pkilint checks.
The text was updated successfully, but these errors were encountered:
Add a new "LintConfig" item to the CA's config, which can point to a
zlint configuration toml file. This allows lints to be configured, e.g.
to control the number of rounds of factorization performed by the Fermat
factorization lint.
Leverage this new config to create a new custom zlint which calls out to
a configured pkilint API endpoint. In config-next integration tests,
configure the lint to point at a new pkilint docker container.
This approach has three nice forward-looking features: we now have the
ability to configure any of our lints; it's easy to expand this
mechanism to lint CRLs when the pkilint API has support for that; and
it's easy to enable this new lint if we decide to stand up a pkilint
container in our production environment.
No production configuration changes are necessary at this time.
Fixes#7430
Add a new "LintConfig" item to the CA's config, which can point to a
zlint configuration toml file. This allows lints to be configured, e.g.
to control the number of rounds of factorization performed by the Fermat
factorization lint.
Leverage this new config to create a new custom zlint which calls out to
a configured pkilint API endpoint. In config-next integration tests,
configure the lint to point at a new pkilint docker container.
This approach has three nice forward-looking features: we now have the
ability to configure any of our lints; it's easy to expand this
mechanism to lint CRLs when the pkilint API has support for that; and
it's easy to enable this new lint if we decide to stand up a pkilint
container in our production environment.
No production configuration changes are necessary at this time.
Fixesletsencrypt#7430
pkilint is a newish linter which has a acquired a reputation of catching things that zlint doesn't. It is written in python, and very slow, so we don't want to run it during our actual pre-issuance lints if we can possibly avoid it. Instead, let's run it during our integration tests, to ensure that the certificates and CRLs produced by Boulder pass all of the pkilint checks.
The text was updated successfully, but these errors were encountered: