zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

e_ext_cert_policy_disallowed_any_policy_qualifier refactor #732

Closed mtgag closed 1 year ago

mtgag commented 1 year ago

Lint e_ext_cert_policy_disallowed_any_policy_qualifier checks whether the CpsOID or UserNoticeOID policy qualifiers are present. It does not evaluate whether anyPolicy is present. In this implementation, it iterates over all policies, checks whether a policy is the anyPolicy, and then checks whether the qualifiers for this policy are the allowed ones. The implementation is based on code snippets from the GetMappedPolicies function in v3/util/oid.go. Also, CheckApplies not only checks whether the extension is present but also whether one of the policies is the anyPolicy, and has a small TODO for discussion on whether to implement this as a utility function "HasAnyPolicyOID". New certificates have also been issued to test the behaviour of the lint.
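The logic described in the comment above, written out as a stand-alone Go example (this is added illustration, not zlint's own code, and it does not use zlint's lint interface or LintStatus type): decode the certificatePolicies extension value, walk every PolicyInformation, and only for entries whose policyIdentifier is anyPolicy (2.5.29.32.0) require that each qualifier is id-qt-cps or id-qt-unotice, per RFC 5280 section 4.2.1.4. The `Status` constants, the `hasAnyPolicyOID` helper, the `lintAnyPolicyQualifiers` function name and the sample extension values (including the made-up qualifier OID 1.2.3.4) are all this example's own constructions.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"log"
)

// Status mirrors the three outcomes such a lint can produce. The names are
// this example's own, not zlint's LintStatus constants.
type Status int

const (
	NotApplicable Status = iota // extension carries no anyPolicy entry
	Pass                        // anyPolicy present, only CPS/UserNotice qualifiers
	Error                       // anyPolicy carries some other qualifier, or DER is malformed
)

func (s Status) String() string { return [...]string{"NA", "Pass", "Error"}[s] }

// ASN.1 structures from RFC 5280, section 4.2.1.4.
type policyQualifierInfo struct {
	PolicyQualifierID asn1.ObjectIdentifier
	Qualifier         asn1.RawValue // CPSuri (IA5String) or UserNotice; left undecoded here
}

type policyInformation struct {
	PolicyIdentifier asn1.ObjectIdentifier
	PolicyQualifiers []policyQualifierInfo `asn1:"optional"`
}

var (
	anyPolicyOID  = asn1.ObjectIdentifier{2, 5, 29, 32, 0}          // anyPolicy
	cpsOID        = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} // id-qt-cps
	userNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} // id-qt-unotice
)

// parsePolicies decodes the DER value of the certificatePolicies extension
// and rejects trailing bytes, which DER does not allow.
func parsePolicies(der []byte) ([]policyInformation, error) {
	var policies []policyInformation
	rest, err := asn1.Unmarshal(der, &policies)
	if err != nil {
		return nil, fmt.Errorf("certificatePolicies: %w", err)
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("certificatePolicies: %d trailing bytes", len(rest))
	}
	return policies, nil
}

// hasAnyPolicyOID is the utility the PR leaves as a TODO: does any
// PolicyInformation carry the anyPolicy identifier?
func hasAnyPolicyOID(policies []policyInformation) bool {
	for _, p := range policies {
		if p.PolicyIdentifier.Equal(anyPolicyOID) {
			return true
		}
	}
	return false
}

// lintAnyPolicyQualifiers applies RFC 5280 4.2.1.4: qualifiers used with
// anyPolicy MUST be limited to CPS and UserNotice. Qualifiers on any other
// policy are outside the scope of this check and are deliberately ignored.
func lintAnyPolicyQualifiers(der []byte) (Status, error) {
	policies, err := parsePolicies(der)
	if err != nil {
		return Error, err
	}
	if !hasAnyPolicyOID(policies) {
		return NotApplicable, nil // the lint does not apply
	}
	for _, p := range policies {
		if !p.PolicyIdentifier.Equal(anyPolicyOID) {
			continue
		}
		for _, q := range p.PolicyQualifiers {
			if !q.PolicyQualifierID.Equal(cpsOID) && !q.PolicyQualifierID.Equal(userNoticeOID) {
				return Error, nil
			}
		}
	}
	return Pass, nil
}

// Constructed sample inputs for this example (not taken from real certificates).
// 1.2.3.4 is a made-up qualifier OID standing in for "anything that is not CPS or UserNotice".
var unknownQualifierOID = asn1.ObjectIdentifier{1, 2, 3, 4}

func cpsQualifier(uri string) policyQualifierInfo {
	return policyQualifierInfo{PolicyQualifierID: cpsOID,
		Qualifier: asn1.RawValue{Tag: asn1.TagIA5String, Bytes: []byte(uri)}}
}

func unknownQualifier() policyQualifierInfo {
	return policyQualifierInfo{PolicyQualifierID: unknownQualifierOID, Qualifier: asn1.RawValue{Tag: asn1.TagNull}}
}

func mustDER(policies []policyInformation) []byte {
	der, err := asn1.Marshal(policies)
	if err != nil {
		panic(err)
	}
	return der
}

// An ordinary policy with an unknown qualifier: the old behaviour flagged the
// qualifier, the refactored check does not, because no anyPolicy is present.
func sampleNoAnyPolicy() []byte {
	return mustDER([]policyInformation{{PolicyIdentifier: asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1},
		PolicyQualifiers: []policyQualifierInfo{unknownQualifier()}}})
}

func sampleAnyPolicyCPS() []byte {
	return mustDER([]policyInformation{{PolicyIdentifier: anyPolicyOID,
		PolicyQualifiers: []policyQualifierInfo{cpsQualifier("https://example.com/cps")}}})
}

func sampleAnyPolicyUnknown() []byte {
	return mustDER([]policyInformation{
		{PolicyIdentifier: asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1}},
		{PolicyIdentifier: anyPolicyOID,
			PolicyQualifiers: []policyQualifierInfo{cpsQualifier("https://example.com/cps"), unknownQualifier()}},
	})
}

func main() {
	for name, der := range map[string][]byte{
		"no anyPolicy": sampleNoAnyPolicy(), "anyPolicy + CPS": sampleAnyPolicyCPS(), "anyPolicy + unknown": sampleAnyPolicyUnknown(),
	} {
		status, err := lintAnyPolicyQualifiers(der)
		if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("%-22s %s\n", name, status)
	}
}
```

The first sample is the case the refactor changes: an unknown qualifier on a non-anyPolicy entry is no longer reported, because RFC 5280 only restricts qualifiers attached to anyPolicy.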