v0.9.7 (#53)
* Bump version to prepare for bugfix release

* Fix issue extracting email addresses from otherName SAN values. (#52)

* Add a few test cases, update changelog

---------

Co-authored-by: Jaime Hablutzel <hablutzel1@gmail.com>
CBonnell and hablutzel1 authored Nov 3, 2023
1 parent f231539 commit 61b2a08
Showing 6 changed files with 96 additions and 19 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,12 @@

All notable changes to this project from version 0.9.3 onwards are documented in this file.

## 0.9.7 - 2023-11-03

### Fixes

- cabf.smime.common_name_value_unknown_source finding is incorrectly reported when SmtpUtf8Mailbox SAN values appear in the subject CN (#52 - reported and fixed by @hablutzel1)

## 0.9.6 - 2023-10-25

### Fixes
2 changes: 1 addition & 1 deletion VERSION.txt
@@ -1 +1 @@
0.9.6
0.9.7
2 changes: 1 addition & 1 deletion pkilint/cabf/smime/smime_name.py
@@ -456,6 +456,6 @@ def get_email_addresses_from_san(cert_document):
if name == 'rfc822Name':
email_addresses.append(value.pdu)
elif name == 'otherName' and value.navigate('type-id').pdu == rfc8398.id_on_SmtpUTF8Mailbox:
email_addresses.append(value.navigate('value').pdu)
email_addresses.append(value.navigate('value').child[1].pdu)

return email_addresses
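Review bot: The `.child[1]` in the new `otherName` branch is an unexplained positional index, and nothing in the hunk shows what happens when the otherName value carries no decoded child. A one-line comment such as `# 'value' wraps the decoded SmtpUTF8Mailbox; child is a (name, node) pair, so [1] is the mailbox node` would document the intent; the pair shape is my reading of the index, so confirm it against the node API. Because this linter parses certificates it does not control, it is also worth confirming that a SmtpUTF8Mailbox otherName whose value fails to decode ends up as a reported finding rather than an unhandled exception on this line. The loop header and the start of `get_email_addresses_from_san` are outside the hunk, so that handling may already exist above these lines.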
@@ -1,5 +1,5 @@
-----BEGIN CERTIFICATE-----
MIIF1DCCA7ygAwIBAgIUeWoVg5UeWvEOdZS+4GFIK+uCmEgwDQYJKoZIhvcNAQEL
MIIF+zCCA+OgAwIBAgIUeWoVg5UeWvEOdZS+4GFIK+uCmEgwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y
MzA3MjcyMzU5NTlaMEIxFjAUBgNVBAMMDVlBTUFEQSBIYW5ha28xKDAmBgkqhkiG
Expand All @@ -9,33 +9,33 @@ AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI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seWtkKQlMCMxITAfBgNVBAMMGOWxseeUsOiKseWtkEBleGFtcGxlLmNvbTANBgkq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=
-----END CERTIFICATE-----
node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65"
certificate.tbsCertificate.subject.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""YAMADA Hanako"""
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.3.directoryName.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65"
certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.3.directoryName.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子"""

certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.4.directoryName.rdnSequence,SubscriberSubjectValidator,ERROR,cabf.smime.missing_required_attribute,"Missing one of these required attributes: 2.5.4.4, 2.5.4.42, 2.5.4.65"
@@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
@@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子@example.net"""
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions.8.extnValue.subjectAltName.1.directoryName.rdnSequence.0.0.value.x520CommonName,CommonNameValidator,ERROR,cabf.smime.common_name_value_unknown_source,"Unknown CN value source: ""山田花子@example.net"""
