Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ecdsa ee invalid ku check applies #731

Merged
merged 14 commits into from
Jul 9, 2023
Merged

Ecdsa ee invalid ku check applies #731

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
6c23670
lint about the encoding of qcstatements for PSD2
Feb 4, 2020
4666bb7
Revert "lint about the encoding of qcstatements for PSD2"
Feb 4, 2020
01996c6
Merge https://github.com/zmap/zlint
Aug 26, 2020
28481cc
Merge https://github.com/zmap/zlint
Sep 1, 2021
749d896
Merge https://github.com/zmap/zlint
Oct 21, 2021
e56e2a0
util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC
web-flow Oct 21, 2021
8600050
Merge pull request #1 from mtgag/zlint-gtld-update
mtgag Oct 21, 2021
30b096e
Merge https://github.com/zmap/zlint
mtgag Apr 19, 2023
92e659c
always check and perform the operation in the execution
mtgag Apr 27, 2023
351a379
Merge branch 'master' into master
christopher-henderson May 14, 2023
b52111b
Merge https://github.com/zmap/zlint
mtgag May 16, 2023
526f9be
Merge https://github.com/zmap/zlint
mtgag Jun 9, 2023
92902fc
Merge https://github.com/zmap/zlint
mtgag Jul 1, 2023
6f69a23
check applies could also check if the extension is present
mtgag Jul 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion v3/lints/rfc/lint_ecdsa_ee_invalid_ku.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func NewEcdsaInvalidKU() lint.LintInterface {
// CheckApplies returns true when the certificate is a subscriber cert using an
// ECDSA public key algorithm.
func (l *ecdsaInvalidKU) CheckApplies(c *x509.Certificate) bool {
return util.IsSubscriberCert(c) && c.PublicKeyAlgorithm == x509.ECDSA
return util.IsSubscriberCert(c) && c.PublicKeyAlgorithm == x509.ECDSA && util.HasKeyUsageOID(c)
}

// Execute returns a Notice level lint.LintResult if the ECDSA end entity certificate
Expand Down
5 changes: 5 additions & 0 deletions v3/lints/rfc/lint_ecdsa_ee_invalid_ku_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,11 @@ func TestECDSAInvalidKU(t *testing.T) {
expectedStatus: lint.Notice,
expectedDetails: "Certificate had unexpected key usage(s): KeyUsageCRLSign, KeyUsageCertSign",
},
{
name: "ecdsa ee cert, without key usage",
filename: "CNWithoutSANSeptember2021.pem",
expectedStatus: lint.NA,
},
}

for _, tc := range testCases {
Expand Down