Skip to content

ZLint v3.3.1
Compare
Choose a tag to compare
@github-actions github-actions released this 24 Apr 18:46
· 144 commits to master since this release
v3.3.1
74f4541
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

ZLint v3.3.1

The ZMap team is happy to share ZLint v3.3.1.

Thank you to everyone who contributes to ZLint!

Breaking Changes:

No breaking changes were made in this release.

New Lints:

  • e_ev_not_wildcard asserts that wildcard domains are not allowable for EV certificates (except .onion addresses).
  • e_dnsname_contains_prohibited_reserved_label asserts that every label within a FQDN must be either a P-Label or a Non-Reserved LDH Label.
  • e_ev_san_ip_address_present asserts that Subject Alternative Name MUST contain only dnsName types.
  • e_algorithm_identifier_improper_encoding asserts CABF BR 7.1.3.1 regarding requiring a specific byte sequence within a Subject Public Key Info field.
  • e_underscore_not_permissible_in_dnsname asserts that underscore are not permissible after the brief permissibility period described in CABF BR 1.6.2.
  • e_no_underscores_before_1_6_2 asserts that underscore are not permissible before the brief permissibility period described in CABF BR 1.6.2.

Bug Fixes:

  • Corrected an issue in lint_idn_dnsname_malformed_unicode and lint_idn_dnsname_must_be_nfc wherein the IDNA ACE prefixes were incorrectly considered to be case-sensitive.
  • A Tor Hash Descriptor is no longer required on certificates that encode Onion V3 addresses.

Misc:

  • Numerous TLD updates.
  • The CABF OID for EV (2.23.140.1.1) was added as a known EV OID.
  • Some clearer datetime logic for more natural daterange checking.
  • The ZLint project has been updated to use the Go 1.18 toolchain.
  • zcrypto was updated to point towards commit @599ec18ecbac.
  • Various quality of life changes to the ZLint developer experience.

Changelog

74f4541 Update to Go 1.18 and update GolangCI Linter (#672)
a34c016 QoL changes to genTestCert.go (#664)
20aeab4 util: gtld_map autopull updates for 2022-04-15T16:45:51 UTC (#671)
6d874e6 updating to zcrypto 599ec18 (#670)
b3be71c Skip checking for a Tor Descriptor Hash if the provided cert contains a V3 Onion address. (#669)
3be391b Update README.md (#666)
b1bd967 No underscores are allowed in DNSNames before BR 1.6.2's permissibility period (#659)
6badb89 No underscores are allowed in DNSNames after BR 1.6.2's permissibility period (#662)
4ab8567 util: gtld_map autopull updates for 2022-02-17T22:26:31 UTC (#658)
7fc9fbd Add Microsoft to the known-ZLint users (#655)
b4a225e AlgorithmIdentifier encoding (Section 7.1.3.1, CAB-Forum BR) (#642)
da67a23 util: gtld_map autopull updates for 2021-12-30T02:43:35 UTC (#654)
3f7cf6c Update README.md (#653)
9199b6d util: gtld_map autopull updates for 2021-12-09T20:29:24 UTC (#649)
0d71258 Entrust Datacard rebranded to Entrust (#652)
bbc7e36 Add lint to detect IP addresses in EV certs (#650)
cb3e7e8 Mark CA/Browser Forum EV Policy OID as EV (#651)
da4e374 refactor: move from io/ioutil to io and os packages (#647)
3a3de3c util: gtld_map autopull updates for 2021-10-30T04:36:00 UTC (#637)
2ff2130 cleaning up some datetime logic (#644)
cb17369 Lint for Non-XN Reserved Labels (#635)
9113ed8 Forbid wildcard certs for non .onion EVs (#641)
0508b86 Detect XN-Labels case-insensitively (#636)
b6ec327 util: gtld_map autopull updates for 2021-10-05T22:26:49 UTC (#633)

Assets 7
Loading