Skip to content

v2.2.0-rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@zlintbot zlintbot released this 02 Sep 00:01
· 241 commits to master since this release
v2.2.0-rc1
e1a9412

ZLint v2.2.0-rc1

The ZMap team is happy to share a v2.2.0 release candidate. This minor release primarily includes bug fixes and new lints.

New Lints:

  • New RFC 5280 Lints

    • e_cert_sig_alg_not_match_tbs_sig_alg to verify tbsCertificate algorithm matches certificate's signature algorithm.
  • New CA/Browser Forum Lints:

    • e_san_dns_name_onion_invalid to validate .onion certificate subject addresses are well-formed.

Updated Lints:

  • e_ext_tor_service_descriptor_hash_invalid updated for Ballot SC27 to only require the extension for EV certificates.

Removed Lints:

  • e_sub_ca_aia_does_not_contain_ocsp_url, as of Ballot SC31 this lint is no longer required.

Command Line Utility Updates:

  • -summary and -longSummary command line flags added to zlint utility for presenting lint results in a human-readable tabular form.

Bug Fixes:

  • lint_ev_valid_time_too_long maximum validity calculation fixed and source/citation/package corrected to CABF EV Guidelines.
  • e_ev_business_category_missing, e_ev_country_name_missing, e_ev_organization_name_missing, and e_ev_serial_number_missing source/citation/package corrected to CABF EV Guidelines.
  • e_tls_server_cert_valid_time_longer_than_398_days fixed to not apply to CA certificates.

Misc:

  • README updates.
  • Updated ZCrypto dependency (Added QCStatement support).
  • Updated TLD data (Current to 2020-07-29).

Full Changelog

e1a9412 Add citation for sub-CAs to ca_digital_signature_not_set (#464)
9ab0643 Ballot SC31 makes OCSP optional for intermediate certificates. (#463)
3f689d2 README to suggest checking x509.ParseCertificate error (#460)
ada0991 autopull: 2020-07-29T15:10:15Z (#459)
6d02ef7 tests: add NA test case for e_tls_server_cert_valid_time_longer_than_398_days (#457)
34310bd this lint shouldn't apply to CA certs (#456)
ca9532d Create options for human-readable output formats (#437)
5f05d1d gTLD autopull: 2020-07-18T15:05:07Z (#455)
a9b0032 gTLD autopull: 2020-06-27T14:52:30Z (#452)
f530e42 docs: add Entrust Datacard to README ZLInt users. (#451)
d4acbba lints: cabf_br lint to verify .onion addresses are well-formed (#450)
84a8a20 Fix .onion tests to only apply to EV certificates (#449)
ecf8678 Move EV-specific tests to cabf_ev (#445)
c820d95 Fix the EV validity check (#447)
37a03da docs: correct link to integration test documentation (#446)
ce1631b autopull: 2020-06-03T14:39:17Z (#444)
de9eafb Check tbsCertificate signature algorithm matches certificate (#436)
82e1f43 gTLD autopull: 2020-05-28T14:35:00Z (#442)
da06a3a autopull: 2020-05-27T14:34:02Z (#441)
9957909 Deps: Update ZCrypto, fix assoc. test breakage. (#435)
a42b778 ci: remove vendor dir, Go 1.13.x -> 1.14.x, fix integration test data (#432)
bb6c7a7 docs: add ZLint announcements mailing list to README (#431)
ee0c915 Adding mailing list link to README.