x509-cert: local zlint failures

Open: tarcieri opened this issue 9 months ago • 1 comment

I tried running the x509-cert test suite on my Mac using zlint installed from Homebrew and I'm encountering the following:

$ zlint --version
ZLint version 3.6.2
$ cargo test --all-features
Running tests/builder.rs (target/debug/deps/builder-840b0a8c8c8ecac9)

running 9 tests
test dynamic_signer ... ok
Certificate request self-signature verify OK
Certificate request self-signature verify OK
test certificate_request_attributes ... ok
test certificate_request ... ok
test async_builder ... ok
test root_ca_certificate_ecdsa ... ok
test root_ca_certificate ... ok
test sub_ca_certificate ... ok
test pss_certificate ... FAILED
test leaf_certificate ... FAILED

failures:

---- pss_certificate stdout ----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: rsassaPss
        Hash Algorithm: sha256
        Mask Algorithm: mgf1 with sha256
         Salt Length: 0x20
        Trailer Field: 0x01 (default)
        Issuer: C = US, O = World domination Inc, CN = World domination corporation
        Validity
            Not Before: Apr 29 13:53:09 2024 GMT
            Not After : Apr 29 13:53:14 2024 GMT
        Subject: CN = service.domination.world
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:85:97:8E:50:5F:C1:43:0F:2D:B5:A6:73:77:45:34:C8:1F:BC:44
            X509v3 Authority Key Identifier:
                73:85:97:8E:50:5F:C1:43:0F:2D:B5:A6:73:77:45:34:C8:1F:BC:44
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
    Signature Algorithm: rsassaPss
    Signature Value:
        Hash Algorithm: sha256
        Mask Algorithm: mgf1 with sha256
         Salt Length: 0x20
        Trailer Field: 0x01 (default)

failed lints: {"w_ext_subject_key_identifier_not_recommended_subscriber": LintStatus { status: Warn, details: None }}
thread 'pss_certificate' panicked at x509-cert/test-support/src/zlint.rs:180:5:
assertion failed: output.check_lints(ignored)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- leaf_certificate stdout ----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, O = World domination Inc, CN = World domination corporation
        Validity
            Not Before: Apr 29 13:53:09 2024 GMT
            Not After : Apr 29 13:53:14 2024 GMT
        Subject: CN = service.domination.world
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:85:97:8E:50:5F:C1:43:0F:2D:B5:A6:73:77:45:34:C8:1F:BC:44
            X509v3 Authority Key Identifier:
                8D:07:D8:4F:5A:4E:48:6A:09:61:F8:F8:80:25:81:61:5B:30:97:80
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:44:02:20:3e:15:e2:f7:b8:b0:fc:e0:48:31:23:92:40:2b:
        56:e1:77:78:cf:26:ed:15:44:45:97:dc:90:59:1b:fc:2c:81:
        02:20:73:81:31:e9:81:1a:00:3d:12:3e:01:06:7b:73:0f:a3:
        d9:d0:ff:21:30:37:d5:d2:53:6c:ba:ad:6b:5f:b8:09

failed lints: {"w_ext_subject_key_identifier_not_recommended_subscriber": LintStatus { status: Warn, details: None }}
thread 'leaf_certificate' panicked at x509-cert/test-support/src/zlint.rs:180:5:
assertion failed: output.check_lints(ignored)


failures:
    leaf_certificate
    pss_certificate

test result: FAILED. 7 passed; 2 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.12s

tarcieri, Apr 29 '24 15:04

This should be fixed by https://github.com/RustCrypto/formats/pull/1306

baloo, Apr 30 '24 22:04