addressing review comment

v3/lints/cabf_br/lint_cab_dv_subject_invalid_values.go

@@ -66,11 +66,21 @@ func (l *dvSubjectInvalidValues) CheckApplies(cert *x509.Certificate) bool {
 
 func (l *dvSubjectInvalidValues) Execute(cert *x509.Certificate) *lint.LintResult {
 	names := util.GetTypesInName(&cert.Subject)
+	var cnFound = false
 	for _, n := range names {
-		if n.Equal(util.CountryNameOID) || n.Equal(util.CommonNameOID) {
+		if n.Equal(util.CommonNameOID) {
+			cnFound = true
+			continue
+		}
+		if n.Equal(util.CountryNameOID) {
 			continue
 		}
 		return &lint.LintResult{Status: lint.Error, Details: fmt.Sprintf("DV certificate contains the invalid attribute type %s", n)}
 	}
+
+	if cnFound {
+		return &lint.LintResult{Status: lint.Warn, Details: "DV certificate contains a subject common name, this is not recommended."}
+	}
+
 	return &lint.LintResult{Status: lint.Pass}
 }

v3/lints/cabf_br/lint_cab_dv_subject_invalid_values_test.go

@@ -46,8 +46,19 @@ func TestNewDvSubjectInvalidValues(t *testing.T) {
 			ExpectedDetails: "DV certificate contains the invalid attribute type 2.5.4.5",
 		},
 		{
-			Name:           "pass - DV with valid values in subjectDN, on SC62",
-			InputFilename:  "dvWithCNAndCountry.pem",
+			Name:            "warn - DV with valid values in subjectDN, with CN, on SC62",
+			InputFilename:   "dvWithCNAndCountry.pem",
+			ExpectedResult:  lint.Warn,
+			ExpectedDetails: "DV certificate contains a subject common name, this is not recommended",
+		},
+		{
+			Name:           "pass - DV with valid values in subjectDN, country only, on SC62",
+			InputFilename:  "dvCountry.pem",
+			ExpectedResult: lint.Pass,
+		},
+		{
+			Name:           "pass - DV with empty subjectDN, on SC62",
+			InputFilename:  "dvEmptySubject.pem",
 			ExpectedResult: lint.Pass,
 		},
 		{

v3/testdata/dvCountry.pem

@@ -0,0 +1,43 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            47:bd:93:31:c3:50:f8:8d:c6:74:07:68
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: CN = Lint CA, O = Lint, C = DE
+        Validity
+            Not Before: Sep 15 00:00:00 2023 GMT
+            Not After : Sep 15 00:00:00 2024 GMT
+        Subject: C = DE
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:54:ae:c0:80:e5:dd:5e:59:ea:85:0e:1d:db:88:
+                    29:19:72:a3:41:e4:d9:1c:b9:d6:e9:8c:d1:a5:8f:
+                    82:c0:fc:49:47:9c:c2:35:79:e6:cb:3e:5a:78:92:
+                    39:b0:fd:94:ab:3a:5a:81:75:e0:45:15:df:01:d1:
+                    99:36:40:1b:30
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                B3:8E:9C:AF:03:B9:83:6B:7D:F5:F4:DC:32:A5:73:88:48:58:4E:8E
+            X509v3 Certificate Policies: 
+                Policy: 2.23.140.1.2.1
+    Signature Algorithm: ecdsa-with-SHA256
+    Signature Value:
+        30:45:02:20:22:d4:dd:cc:74:0c:e6:ca:fa:3c:8e:40:52:f4:
+        8a:db:14:22:90:b8:08:48:71:9a:51:5b:20:73:ff:3b:00:d7:
+        02:21:00:c1:ab:a2:6c:c7:77:d3:20:af:2a:f0:04:1d:64:14:
+        7b:3b:40:c9:1c:44:3c:4d:75:9f:ab:fe:89:88:94:f6:41
+-----BEGIN CERTIFICATE-----
+MIIBbTCCAROgAwIBAgIMR72TMcNQ+I3GdAdoMAoGCCqGSM49BAMCMC4xEDAOBgNV
+BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx
+NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowDTELMAkGA1UEBhMCREUwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAARUrsCA5d1eWeqFDh3biCkZcqNB5NkcudbpjNGlj4LA
+/ElHnMI1eebLPlp4kjmw/ZSrOlqBdeBFFd8B0Zk2QBswozgwNjAfBgNVHSMEGDAW
+gBSzjpyvA7mDa3319NwypXOISFhOjjATBgNVHSAEDDAKMAgGBmeBDAECATAKBggq
+hkjOPQQDAgNIADBFAiAi1N3MdAzmyvo8jkBS9IrbFCKQuAhIcZpRWyBz/zsA1wIh
+AMGromzHd9MgryrwBB1kFHs7QMkcRDxNdZ+r/omIlPZB
+-----END CERTIFICATE-----

v3/testdata/dvEmptySubject.pem

@@ -0,0 +1,43 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            32:eb:47:ff:01:13:5d:24:1e:bd:fe:88
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: CN = Lint CA, O = Lint, C = DE
+        Validity
+            Not Before: Sep 15 00:00:00 2023 GMT
+            Not After : Sep 15 00:00:00 2024 GMT
+        Subject: 
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:b4:c0:74:a1:a4:7e:42:d3:b6:7c:40:5b:95:fd:
+                    82:d5:ed:e8:19:62:a8:e7:16:be:54:e7:c0:bf:25:
+                    41:46:7e:36:25:03:27:c0:3a:c6:52:e2:37:84:cc:
+                    53:34:6d:ef:c2:93:bf:50:56:fb:9c:88:4f:53:75:
+                    35:81:75:cc:c0
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                B3:8E:9C:AF:03:B9:83:6B:7D:F5:F4:DC:32:A5:73:88:48:58:4E:8E
+            X509v3 Certificate Policies: 
+                Policy: 2.23.140.1.2.1
+    Signature Algorithm: ecdsa-with-SHA256
+    Signature Value:
+        30:46:02:21:00:b9:d1:1d:bd:e7:7f:b6:48:d0:72:08:42:58:
+        5c:72:12:c8:92:5d:73:3d:32:67:84:dd:12:e1:2d:dc:65:03:
+        4b:02:21:00:ed:82:a3:6c:09:64:60:e2:d8:37:32:8b:54:18:
+        f3:f5:40:29:e8:70:53:67:79:16:88:52:02:44:9b:07:57:31
+-----BEGIN CERTIFICATE-----
+MIIBYTCCAQagAwIBAgIMMutH/wETXSQevf6IMAoGCCqGSM49BAMCMC4xEDAOBgNV
+BAMMB0xpbnQgQ0ExDTALBgNVBAoMBExpbnQxCzAJBgNVBAYTAkRFMB4XDTIzMDkx
+NTAwMDAwMFoXDTI0MDkxNTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABLTAdKGkfkLTtnxAW5X9gtXt6BliqOcWvlTnwL8lQUZ+NiUDJ8A6xlLiN4TM
+UzRt78KTv1BW+5yIT1N1NYF1zMCjODA2MB8GA1UdIwQYMBaAFLOOnK8DuYNrffX0
+3DKlc4hIWE6OMBMGA1UdIAQMMAowCAYGZ4EMAQIBMAoGCCqGSM49BAMCA0kAMEYC
+IQC50R2953+2SNByCEJYXHISyJJdcz0yZ4TdEuEt3GUDSwIhAO2Co2wJZGDi2Dcy
+i1QY8/VAKehwU2d5FohSAkSbB1cx
+-----END CERTIFICATE-----