At the moment, Zlint does not check that the value of the SCTList extension complies with RFC 6962 section 3.3, in particular that "At least one SCT MUST be included." There is a lint that counts SCTs and issues just an INFO if the number doesn't meet Apple's policy, but that's a different matter. Here, instead, we check that, when the extension is present in the certificate, the list of SCTs therein contained is not empty. This problem has actually happened at least once in the past as can be seen on Bugzilla.
At the moment, Zlint does not check that the value of the SCTList extension complies with RFC 6962 section 3.3, in particular that "At least one SCT MUST be included." There is a lint that counts SCTs and issues just an INFO if the number doesn't meet Apple's policy, but that's a different matter. Here, instead, we check that, when the extension is present in the certificate, the list of SCTs therein contained is not empty. This problem has actually happened at least once in the past as can be seen on Bugzilla.