Closed robplee closed 2 years ago
Following on from a recent thread on mozilla.dev.security.policy about a malformed cert in the Mozilla root store with a bad KU bit string.
This is something that other linters (x509lint) catch but that zlint doesn't so we could add a linter to check the encoding of the KU bit string.
Mozilla thread: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/EKAIB01lvlo
@christopher-henderson I'm closing this as your PR with the new lint has been merged!
Following on from a recent thread on mozilla.dev.security.policy about a malformed cert in the Mozilla root store with a bad KU bit string.
This is something that other linters (x509lint) catch but that zlint doesn't so we could add a linter to check the encoding of the KU bit string.
Mozilla thread: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/EKAIB01lvlo