ZLint v3.2.0-rc1 (Pre-release)
The ZMap team is happy to share ZLint v3.2.0-rc1.
Thank you to everyone who contributes to ZLint!
Breaking Changes:
No breaking changes were made in this release.
New Lints:
- w_subject_given_name_recommended_max_length, RFC 5280: X.411 (1988) describes ub-common-name-length to be 64 bytes long. As systems may have targeted this length, for compatibility purposes it may be prudent to limit given names to this length.
- e_prohibit_dsa_usage, Mozilla Root Store Policy - §5.1: The usage of DSA as the public key algorithm is no longer allowed. Effective March 31st, 2017.
- e_br_prohibit_dsa_usage, CABF Baseline Requirements, v1.7.1: DSA was removed from the Baseline Requirements as a valid signature algorithm in 1.7.1. Effective August 20th, 2020.
Bug Fixes:
- e_serial_number_not_positive no longer considers zero to be valid.
- e_subject_given_name_max_length now checks whether given names are under 32769 characters long (was 17).
- e_subject_surname_max_length now checks whether given names are under 32769 characters long (was 17).
- e_dsa_params_missing is no longer effective as of August 20th, 2020.
Misc:
- Updated TLD data (Current to 2021-04-22).
- ZCrypto dependency bumped to ea3fdbd5ea2.
- Switched ZLint to Go 1.16.
- Added the -version flag to zlint/zlint-gtld-update.
- Added support for IneffectiveDate in lints, which complements EffectiveDate and marks when a lint is superseded by another or is otherwise no longer enforced.
- A certificate generating playground tool was added under v3/cmd/genTestCerts/. This script should hopefully accelerate the process of generating test certificates for most edge cases.
- Added static analysis to the repository which enforces function ordering in lints in CI/CD.
- Miscellaneous typos.
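An added illustration (not ZLint's own code) of how an EffectiveDate/IneffectiveDate window selects lints, using the three DSA lints and the dates given in these notes. The windowedLint type and its helpers are hypothetical, and the half-open window tested against a certificate's NotBefore is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// windowedLint is a hypothetical stand-in, not ZLint's own type.
// A zero time means "no bound on that side".
type windowedLint struct {
	Name            string
	EffectiveDate   time.Time
	IneffectiveDate time.Time
}

// appliesTo reports whether the lint is enforced for a certificate with this
// NotBefore. Assumption: the window is [EffectiveDate, IneffectiveDate).
func (l windowedLint) appliesTo(notBefore time.Time) bool {
	started := l.EffectiveDate.IsZero() || !notBefore.Before(l.EffectiveDate)
	notRetired := l.IneffectiveDate.IsZero() || notBefore.Before(l.IneffectiveDate)
	return started && notRetired
}

func date(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

// Lint names and dates are the ones stated in these release notes.
var dsaLints = []windowedLint{
	{Name: "e_dsa_params_missing", IneffectiveDate: date(2020, time.August, 20)},
	{Name: "e_prohibit_dsa_usage", EffectiveDate: date(2017, time.March, 31)},
	{Name: "e_br_prohibit_dsa_usage", EffectiveDate: date(2020, time.August, 20)},
}

// enforcedLints returns the names of the lints in force for notBefore.
func enforcedLints(notBefore time.Time) []string {
	var names []string
	for _, l := range dsaLints {
		if l.appliesTo(notBefore) {
			names = append(names, l.Name)
		}
	}
	return names
}

func main() {
	// Constructed NotBefore values around the 2020-08-20 handover.
	for _, nb := range []time.Time{date(2016, 1, 1), date(2020, 8, 19), date(2020, 8, 20)} {
		fmt.Println(nb.Format("2006-01-02"), enforcedLints(nb))
	}
}
```

A certificate issued on the handover date is checked by the superseding lint only, so the retired and replacement lints never both report on the same certificate.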
Changelog
7e75dc3 deps: update zcrypto to ea3fdbd (#604)
d5d0ed9 lints: fix anyKeyUsage typo in n_mp_allowed_eku. (#600)
c47eab4 cmd: add -version to zlint, zlint-gtld-update. (#598)
0807bf9 Updating RFC surname and givenname character limits (#586)
3de0a7c util: gtld_map autopull updates for 2021-04-22T03:40:32 UTC (#590)
5ca3470 util: gtld_map autopull updates for 2021-04-21T21:31:31 UTC (#589)
740b212 util: gtld_map autopull updates for 2021-04-17T02:48:14 UTC (#588)
d5ab97e Make zero an invalid serial number for RFC lints (#584)
2cac1fd Lint that DSA is not used - BR (#577)
30c55c5 lints: fix typo in e_ext_name_constraints_not_critical description (#579)
a6348f9 Update zcrypto for vendored crypto/dsa package (#578)
35273f1 util: gtld_map autopull updates for 2021-03-26T21:30:44 UTC (#580)
b313d9f Introduce an upper bounds to effective dates (#576)
3223b2a Add a new lint to prohibit using DSA (#572)
3615e0f Include a playground script for generating one off certificates and certificate chains (#569)
7fcf0da util: gtld_map autopull updates for 2021-02-19T22:31:45 UTC (#571)
2aa588f project: switch to go 1.16. (#570)
1f157ab Lint template produces a file with an init function that is not at the top of the new lint (#565)
835500b Custom static analysis tooling for CI/CD (#551)
1cbdd0c docs: update CONTRIBUTING.md with cert generation resources (#560)
59e0d78 util: gtld_map autopull updates for 2021-02-11T11:26:01 UTC (#563)
f091dd3 deps: update zcrypto to 2a2d9c3 (#562)