Closed christopher-henderson closed 8 months ago
So, my proposal to address this issue is to change this line: https://github.com/zmap/zlint/blob/master/v3/lint/base.go#L224
To something like this:
if l.Source == CABFSMIMEBaselineRequirements && !((util.IsEmailProtectionCert(cert) && util.HasEmailSAN(cert) || util.IsSMIMEBRCertificate(cert)) {
Where HasEmailSAN (name TBC) checks for the presence of at least one san:rfc822Name or a san:otherName of type id-on-SmtpUtf8Mailbox.
Am happy to open a PR with the above if there is agreement with my suggested change.
Stemming from the comment at https://github.com/zmap/zlint/pull/744#discussion_r1347031645 we may want to revisit the logic at IsEmailProtectionCert