
Linting OCSP responses

Open jsha opened this issue 4 years ago • 4 comments

In this bug, Apple shared a very thorough list of lints they apply to OCSP responses from their own issuance infrastructure. It would be useful to implement these in an open-source linter. Are the folks here interested in incorporating an OCSP linter into zlint? Do you think it would be better as a separate project?

jsha, Jul 24 '20 01:07

This came up once in the past #382. I think the consensus is: Yes! We'd love to have them, but we should structure their addition such that they don't make running or maintaining existing certificate lints more difficult.

zakird, Jul 24 '20 15:07

I think this fits into our sets of lints nicely, we could even exclude OCSP/CRL lints by default.

cardonator, Jul 24 '20 15:07

+1 for being able to lint CRLs too

Legrandin, Jan 08 '21 09:01

We've been reviewing the entire corpus of Mozilla Bugzilla CA incidents and this has come up for another CA.

pgporada, Oct 15 '21 20:10