ZLint v3.3.1
ZLint v3.3.1
The ZMap team is happy to share ZLint v3.3.1.
Thank you to everyone who contributes to ZLint!
Breaking Changes:
No breaking changes were made in this release.
New Lints:
e_ev_not_wildcard
asserts that wildcard domains are not allowable for EV certificates (except .onion addresses).e_dnsname_contains_prohibited_reserved_label
asserts that every label within a FQDN must be either a P-Label or a Non-Reserved LDH Label.e_ev_san_ip_address_present
asserts that Subject Alternative Name MUST contain onlydnsName
types.e_algorithm_identifier_improper_encoding
asserts CABF BR 7.1.3.1 regarding requiring a specific byte sequence within a Subject Public Key Info field.e_underscore_not_permissible_in_dnsname
asserts that underscore are not permissible after the brief permissibility period described in CABF BR 1.6.2.e_no_underscores_before_1_6_2
asserts that underscore are not permissible before the brief permissibility period described in CABF BR 1.6.2.
Bug Fixes:
- Corrected an issue in
lint_idn_dnsname_malformed_unicode
andlint_idn_dnsname_must_be_nfc
wherein the IDNA ACE prefixes were incorrectly considered to be case-sensitive. - A Tor Hash Descriptor is no longer required on certificates that encode Onion V3 addresses.
Misc:
- Numerous TLD updates.
- The CABF OID for EV (
2.23.140.1.1
) was added as a known EV OID. - Some clearer datetime logic for more natural daterange checking.
- The ZLint project has been updated to use the Go 1.18 toolchain.
- zcrypto was updated to point towards commit @599ec18ecbac.
- Various quality of life changes to the ZLint developer experience.
Changelog
74f4541 Update to Go 1.18 and update GolangCI Linter (#672)
a34c016 QoL changes to genTestCert.go (#664)
20aeab4 util: gtld_map autopull updates for 2022-04-15T16:45:51 UTC (#671)
6d874e6 updating to zcrypto 599ec18 (#670)
b3be71c Skip checking for a Tor Descriptor Hash if the provided cert contains a V3 Onion address. (#669)
3be391b Update README.md (#666)
b1bd967 No underscores are allowed in DNSNames before BR 1.6.2's permissibility period (#659)
6badb89 No underscores are allowed in DNSNames after BR 1.6.2's permissibility period (#662)
4ab8567 util: gtld_map autopull updates for 2022-02-17T22:26:31 UTC (#658)
7fc9fbd Add Microsoft to the known-ZLint users (#655)
b4a225e AlgorithmIdentifier encoding (Section 7.1.3.1, CAB-Forum BR) (#642)
da67a23 util: gtld_map autopull updates for 2021-12-30T02:43:35 UTC (#654)
3f7cf6c Update README.md (#653)
9199b6d util: gtld_map autopull updates for 2021-12-09T20:29:24 UTC (#649)
0d71258 Entrust Datacard rebranded to Entrust (#652)
bbc7e36 Add lint to detect IP addresses in EV certs (#650)
cb3e7e8 Mark CA/Browser Forum EV Policy OID as EV (#651)
da4e374 refactor: move from io/ioutil to io and os packages (#647)
3a3de3c util: gtld_map autopull updates for 2021-10-30T04:36:00 UTC (#637)
2ff2130 cleaning up some datetime logic (#644)
cb17369 Lint for Non-XN Reserved Labels (#635)
9113ed8 Forbid wildcard certs for non .onion EVs (#641)
0508b86 Detect XN-Labels case-insensitively (#636)
b6ec327 util: gtld_map autopull updates for 2021-10-05T22:26:49 UTC (#633)