Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the EV validity period check #447

Merged
merged 2 commits into from
Jun 5, 2020
Merged

Fix the EV validity period check #447

merged 2 commits into from
Jun 5, 2020

Conversation

sleevi
Copy link
Contributor

@sleevi sleevi commented Jun 4, 2020

The lint lint_ev_valid_time_too_long has two issues:

  • It set the maximum validity as 825-days, rather than 27 months
    (which is 366 + 365 + 31 + 31 + 30 = 823 days) for certs issued
    before the 825-day change (CABF Ballot 193)
  • It set the source of the requirements to the BRs, rather than
    the EVGs

This updates the test to test for 27 months for certificates issued
prior to the Ballot 193 effective date. A number of certificates now
fail this check, either because they're used for code signing (but
reuse the same EV OID), or because they interpreted the validity
period as permitting "fractional months" (typically, in the form of
<24 additional hours).

Aligned with the interpretation of Ballot 193 that treats fractional
days as > 825 days, this treats fractional months as > 27 months.

@sleevi
Fix the EV validity check
92a6a7b 
The lint lint_ev_valid_time_too_long has several issues:
* It set the maximum validity as 825-days, rather than 27 months
  (which is 366 + 365 + 31 + 31 + 30 = 823 days) for certs issued
  before the 825-day change
* It set the source of the requirements to the BRs, rather than
  the EVGs
@sleevi sleevi requested a review from dadrian June 4, 2020 18:03
cpu
cpu approved these changes Jun 4, 2020
View reviewed changes
Copy link
Member

@cpu cpu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @sleevi, no qualms from me.

@zakird zakird merged commit c820d95 into zmap:master Jun 5, 2020
@sleevi sleevi deleted the fix_ev_validity_test branch June 5, 2020 01:04
@sleevi sleevi mentioned this pull request Jun 5, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpu cpu cpu approved these changes

@dadrian dadrian Awaiting requested review from dadrian

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sleevi @cpu @zakird