zlint
zlint copied to clipboard
zmap
X.509 Certificate Linter focused on Web PKI standards and requirements.
The [`IsOnionV2Address` function comments](https://github.com/zmap/zlint/blob/d8b86f771ea068173826b2088f0c502c17eaaa8d/v3/util/onion.go#L46) say, "The second-to-the-right most label is a 16 character long, base32." The code actually seems to check the left-most label. Based on similar [code in `IsOnionV3Address`](https://github.com/zmap/zlint/blob/d8b86f771ea068173826b2088f0c502c17eaaa8d/v3/util/onion.go#L30-L34),...
Hello, Recently I found a certificate with an invalid postal code: https://crt.sh/?id=6811189993&opt=zlint It was found due to the field length exceeding 17 chars. However, if the value in that field...
### Short Summary As part of a wider test we checked all of our CA certificates by Zlint ver.3.0.0 (?) and we could identify a potential issue with different types...
zlint is currently missing a close-primes lint, maybe we can repurpose the check from boulder for this? https://github.com/letsencrypt/boulder/commit/89000bd61cfc6f373cb48b6f046d4fce7df5468e https://fermatattack.secvuln.info/ cc: @aarongable
This lint encodes a brief period from December 10th 2018 to April 1st 2019 wherein CABF BR permitted underscores within DNS names if-and-only if those certificates were valid for fewer...
This lint encodes a brief period from December 10th 2018 to April 1st 2019 wherein CABF BR permitted underscores within DNS names if-and-only replacing each underscore with a hyphen would...
This lint encodes that RFC5280 was never permissive of underscore characters within DNS names.
Changed Error handling for invalidKUs. This fixes pull request #479.
# What is a Profile A profile derives from the conversation in #583 wherein we would like to have curated lists of lints that, collectively, refer to a particular requirement...
In the interest of moving #646 over the finish line (@CBonnell because I don't think I can add you as a reviewer), I believe that it would be prudent to...