Policy Qualifiers other than id-qt-cps are no longer allowed as per CABF BRs

zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.

https://zmap.io

Apache License 2.0

364 stars 109 forks source link

Policy Qualifiers other than id-qt-cps are no longer allowed as per CABF BRs #774

Closed XolphinMartijn closed 1 year ago

XolphinMartijn commented 1 year ago

As of SC-62, only the cps policy qualifier is allowed in any certificate type.

XolphinMartijn commented 1 year ago

While I originally set out to search for User Notice, in fact all qualifiers are now a MUST NOT, except for id-qt-cps. PR and lint description updated to reflect proper language

XolphinMartijn commented 1 year ago

The description and lint code looks good. Can you update the name of the lint e_user_notice_not_permitted (in both code and file name) to match the new description of what's being checked?

Done. Thank you for that suggestion. Likewise, function names have been updated

zakird commented 1 year ago

Looks good to me. @christopher-henderson do you want to quickly 👀 look over, or good to merge from your POV?