amazon-archives / certlint

X.509 certificate linter
Apache License 2.0

SANs not processed properly #48

Closed hcomet closed 7 years ago

hcomet commented 7 years ago

I found that I was always getting: E: commonNames in BR certificates must be from SAN entries

for all certificates. Seems the SANs are not being processed properly. I had to change line 409 in lib/certlint/cablint.rb to the following:

OpenSSL::ASN1.decode(der).value.each do |genname|

to fix it.

Using Ruby 2.4.0 on Ubuntu 16.04

CBonnell commented 7 years ago

I have not reproduced this specific problem with certlint, but there was a bug regarding the ASN1::Constructive.each implementation in Ruby 2.4.0's OpenSSL library (see https://github.com/ruby/openssl/pull/96 for details) that is likely the culprit here.

If possible, it would probably be worthwhile to update to Ruby 2.4.1 and try running certlint again.

hcomet commented 7 years ago

Thanks, I just had the chance to upgrade to 2.4.1 and yes it seems to work without the change.

It also seems to work with the '.value' added.
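The check behind the error message in this thread, sketched as an added example (not certlint's code and not written by the thread participants): it decodes the subjectAltName GeneralNames by walking `.value`, as in the workaround above, and reports commonNames with no matching SAN entry. The helper names `san_names`, `cns_missing_from_san` and `sample_cert` are hypothetical, the certificates are constructed, and the iPAddress handling goes beyond what the thread discusses.

```ruby
require "openssl"
require "ipaddr"

# Hypothetical helper, not certlint's code: list the dNSName and iPAddress
# entries in the DER of a subjectAltName value (a GeneralNames SEQUENCE).
# It walks `.value` (a plain Array), so it does not depend on
# OpenSSL::ASN1::Constructive#each.
def san_names(der)
  OpenSSL::ASN1.decode(der).value.each_with_object([]) do |genname, names|
    next unless genname.tag_class == :CONTEXT_SPECIFIC
    case genname.tag
    when 2 then names << genname.value.downcase               # dNSName [2]
    when 7 then names << IPAddr.new_ntoh(genname.value).to_s  # iPAddress [7]
    end
  end
end

# Returns the subject commonNames that have no matching SAN entry.
def cns_missing_from_san(cert)
  cns = cert.subject.to_a.select { |attr| attr[0] == "CN" }.map { |attr| attr[1].downcase }
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return cns if ext.nil?
  # Extension ::= SEQUENCE { extnID, critical (optional), extnValue OCTET STRING }
  inner_der = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  cns - san_names(inner_der)
end

# Constructed sample input: a throwaway self-signed certificate.
def sample_cert(cn, san)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", san))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end
```

An empty array from `cns_missing_from_san` means every commonName is covered by the SAN extension; any returned name is one a linter would flag.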