Add lint to check that all CRL Distribution Points only contain "http" URLs (per CABF BRs 7.1.2.11.2)

zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.

https://zmap.io

Apache License 2.0

361 stars 110 forks source link

Add lint to check that all CRL Distribution Points only contain "http" URLs (per CABF BRs 7.1.2.11.2) #867

Closed defacto64 closed 3 months ago

defacto64 commented 4 months ago

Please add this lint to verify that all CRL Distribution Points contain URLs with "http" scheme, whereas other schemes (e.g., "ldap") are not allowed. For reference, section 7.1.2.11.2 requires that ....

...the scheme of each MUST be “http”