Corrected an issue in e_single_email_if_present wherein only the SAN was checked for email addresses and the subject domain name was not.
Limited the checking of common names in the SAN for e_mailbox_address_shall_contain_an_rfc822_name
Added an ineffective date to e_dsa_correct_order_in_subgroup, e_dsa_shorter_than_2048_bits, and e_dsa_unique_correct_representation.
New Lints
e_eku_critical, BRs: 7.1.2.7.6, Subscriber Certificate extkeyUsage extension MUST NOT be marked critical
e_crlissuer_must_not_be_present_in_cdp, BRs: 7.1.2.11.2, crlIssuer and/or Reason field MUST NOT be present in the CDP extension.
e_legal_entity_identifier, S/MIME BRs: 7.1.2.3.l, Mailbox/individual: prohibited. Organization/sponsor: may be present
e_commonname_mailbox_validated, S/MIME BRs: 7.1.4.2.2a, If present, the commonName attribute of a mailbox-validated certificate SHALL contain a mailbox address
e_subject_country_name, S/MIME BRs: 7.1.4.2.2n, If present, the subject:countryName SHALL contain the two‐letter ISO 3166‐1 country code associated with the location of the Subject
e_cab_dv_subject_invalid_values, BRs: 7.1.2.7.2, If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN.
e_invalid_subject_rdn_order, BRs: 7.1.4.2, Subject field attributes (RDNs) SHALL be encoded in a specific order
e_subscribers_crl_distribution_points_are_http, S/MIME BRs: 7.1.2.3.b, cRLDistributionPoints SHALL have URI scheme HTTP.
e_smime_qc_statements_must_not_be_critical, S/MIME BRs: 7.1.2.3.k, This extension MAY be present and SHALL NOT be marked critical.
e_mailbox_address_shall_contain_an_rfc822_name, S/MIME BRs: 7.1.4.2.1, All Mailbox Addresses in the subject field or entries of type dirName of this extension SHALL be repeated as rfc822Name or otherName values of type id-on-SmtpUTF8Mailbox in this extension
e_authority_key_identifier_correct, S/MIME BRs: 7.1.2.3.g, authorityKeyIdentifier SHALL be present. This extension SHALL NOT be marked critical. The keyIdentifier field SHALL be present. authorityCertIssuer and authorityCertSerialNumber fields SHALL NOT be present.
e_strict_multipurpose_smime_ext_subject_directory_attr, S/MIME BRs: 7.1.2.3j, SMIME Strict and Multipurpose certificates cannot have Subject Directory Attribute
w_ext_subject_key_identifier_not_recommended_subscriber, BRs v2: 7.1.2.7.6, Subcriber certificates use of Subject Key Identifier is NOT RECOMMENDED
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/zmap/zlint/v3 from 3.5.0 to 3.6.2.
Release notes
Sourced from github.com/zmap/zlint/v3's releases.
... (truncated)
Commits
ae3b1f3
Correct test descriptions (#829)308a138
Limit scope for cn checking in SAN (#825)2980c72
Add ineffective date to DSA lints. (#827)f9496fa
Use help Method beforeoron instead of (#717)9291729
util: gtld_map autopull updates for 2024-03-27T22:19:31 UTC (#817)e99e725
feat: Test EKU Criticality (#816)38cfd72
cRLIssuer MUST NOT be present (#814)990a074
Add lints for S/MIME BR 7.1.2.3l (#805)32bba7a
Update single email if present (#808)e33bae9
Update single email subject if present (#802)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show