Skip to content

v3.2.0-rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 22 May 18:51
· 179 commits to master since this release
v3.2.0-rc1
7e75dc3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

ZLint v3.2.0-rc1

The ZMap team is happy to share ZLint v3.2.0-rc1.

Thank you to everyone who contributes to Zlint!

Breaking Changes:

No breaking changes were made in this release.

New Lints:

  • w_subject_given_name_recommended_max_length, RFC 5280

    X.411 (1988) describes ub-common-name-length to be 64 bytes long. As systems may have targeted this length, for compatibility purposes it may be prudent to limit given names to this length.

  • e_prohibit_dsa_usage, Mozilla Root Store Policy - §5.1

    The usage of DSA as the public key algorithm is no longer allowed. Effective March 31st, 2017.

  • e_br_prohibit_dsa_usage, CABF Baseline requirements, v1.7.1

    DSA was removed from the Baseline Requirements as a valid signature algorithm in 1.7.1. Effective August 20th, 2020.

Bug Fixes:

  • e_serial_number_not_positive no longer considers zero to be valid.
  • e_subject_given_name_max_length now checks whether given names are under 32769 characters long (was 17).
  • e_subject_surname_max_length now checks whether given names are under 32769 characters long (was 17).
  • e_dsa_params_missing is no longer effective as of August 20th, 2020.

Misc:

  • Updated TLD data (Current to 2021-04-22).
  • ZCrypto dependency bumped to ea3fdbd5ea2.
  • Switched ZLint to Go 1.16.
  • Added the -version flag to zlint/zlint-gtld-update.
  • Added support for IneffectiveDate in lints, which complements EffectiveDate and marks when a lint is superseded by another or is otherwise no longer enforced.
  • A certificate generating playground tool was added under v3/cmd/genTestCerts/. This script should hopefully accelerate the process of generating test certificates for most edge cases.
  • Added static analysis to the repository which enforces function ordering in lints in CI/CD.
  • Miscellaneous typos.

Changelog

7e75dc3 deps: update zcrypto to ea3fdbd (#604)
d5d0ed9 lints: fix anyKeyUsage typo in n_mp_allowed_eku. (#600)
c47eab4 cmd: add -version to zlint, zlint-gtld-update. (#598)
0807bf9 Updating RFC surname and givenname character limits (#586)
3de0a7c util: gtld_map autopull updates for 2021-04-22T03:40:32 UTC (#590)
5ca3470 util: gtld_map autopull updates for 2021-04-21T21:31:31 UTC (#589)
740b212 util: gtld_map autopull updates for 2021-04-17T02:48:14 UTC (#588)
d5ab97e Make zero an invalid serial number for RFC lints (#584)
2cac1fd Lint that DSA is not used - BR (#577)
30c55c5 lints: fix typo in e_ext_name_constraints_not_critical description (#579)
a6348f9 Update zcrypto for vendored crypto/dsa package (#578)
35273f1 util: gtld_map autopull updates for 2021-03-26T21:30:44 UTC (#580)
b313d9f Introduce an upper bounds to effective dates (#576)
3223b2a Add a new lint to prohibit using DSA (#572)
3615e0f Include a playground script for generating one off certificates and certificate chains (#569)
7fcf0da util: gtld_map autopull updates for 2021-02-19T22:31:45 UTC (#571)
2aa588f project: switch to go 1.16. (#570)
1f157ab Lint template produces a file with an init function that is not at the top of the new lint (#565)
835500b Custom static analysis tooling for CI/CD (#551)
1cbdd0c docs: update CONTRIBUTING.md with cert generation resources (#560)
59e0d78 util: gtld_map autopull updates for 2021-02-11T11:26:01 UTC (#563)
f091dd3 deps: update zcrypto to 2a2d9c3 (#562)

Assets 7
Loading