expand subject DN informational only lint #287
Merged
cpu merged 3 commits into zmap:master on Jun 10, 2019
… ascii table. Also remove separate checks for serial and domainComponent as they are part of pkix.Names
Member
@tadukurow Can you resolve conflicts with master when you have a chance? I'll endeavour to give this a 🔍 in the next few days.
Contributor (Author)
@cpu did you mean rebase off master? because I don't see any conflicts
Member
Yup! I mis-read the GitHub status message. On the repositories I spend most of my time we don't have the "Require branches to be up to date before merging" checkbox checked and so only conflicts cause that kind of status block. Zlint requires all PRs be current with master.
cardonator reviewed on Jun 6, 2019
cpu approved these changes on Jun 10, 2019
Member cpu left a comment
Thanks @tadukurow, I don't have any feedback ☑️
Contributor (Author)
Thanks @cpu!
aaomidi pushed a commit to aaomidi/zlint that referenced this pull request on Nov 29, 2022
…ng (zmap#298)
* backporting asn1, pkix to allow permissive parsing (zmap#284)
* forking from golang.org/x/crypto/cryptobyte to allow permissive parsing
* Allow permissive asn1 parsing on UTF8, integer and NameConstraints (zmap#287)
* Allow permissive asn1 parsing on UTF8, integer and NameConstraints
* Allow permissive asn1 parsing on UTF8, integer and NameConstraints, NumericString
* Allow permissive parsing: IA5, integer min len (zmap#289)
* Fix Name.String() to legacy behavior, permissive parsing asn1.IA5String (zmap#292)
* deps: update publicsuffix-go for 2021-05-11T10:35:34 UTC
* deps: update publicsuffix-go for 2021-05-13T08:40:11 UTC
* deps: update publicsuffix-go for 2021-05-21T08:41:21 UTC
* deps: update publicsuffix-go for 2021-05-27T09:03:28 UTC
* Allow permissive parsing: IA5, integer min len
* Fix Name.String() to legacy behavior
Co-authored-by: GitHub <[email protected]>
* Fix RDNSequence.String() to print user friendly names (zmap#294)
* Merge branch master into feature/parse_certs (zmap#296)
* deps: update publicsuffix-go for 2021-05-11T10:35:34 UTC
* deps: update publicsuffix-go for 2021-05-13T08:40:11 UTC
* deps: update publicsuffix-go for 2021-05-21T08:41:21 UTC
* deps: update publicsuffix-go for 2021-05-27T09:03:28 UTC
* deps: update publicsuffix-go for 2021-06-01T15:03:13 UTC
* Fix RDNSequence.String() to print user friendly names
* Porting ocsp package from the latest standard lib (zmap#279)
Co-authored-by: Zakir Durumeric <[email protected]>
* deps: update publicsuffix-go for 2021-06-07T12:03:41 UTC
Co-authored-by: GitHub <[email protected]>
Co-authored-by: Daniel McCarney <[email protected]>
Co-authored-by: Zakir Durumeric <[email protected]>
Co-authored-by: Benjamin Wireman <[email protected]>
Co-authored-by: GitHub <[email protected]>
Co-authored-by: Daniel McCarney <[email protected]>
Co-authored-by: Zakir Durumeric <[email protected]>
Co-authored-by: Jeff Cody <[email protected]>
Expanded the check for no metadata only in subject DN to check for subject DN fields containing no characters in a-Z0-9 or outside of ASCII table. This catches more than just checking for ".", "-", " ". Also remove separate checks for serial and domainComponent as they are part of pkix.Names so separate checking was redundant.
This will help zlint catch issues that CABLint catches today such as
https://crt.sh/?id=106177929&opt=zlint,cablint,x509lint
https://crt.sh/?id=134328239&opt=cablint,zlint
https://crt.sh/?id=26408912&opt=cablint,zlint
As far as I know there aren't any combinations of characters outside of a-Z0-9 and UTF8 which wouldn't be described as metadata only. This assumption needs some scrutiny though.
The new check is still susceptible to UTF8 runes metadata only.
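
The check described in this pull request, written out as an added example (not zlint's own code, and not part of the original description). It uses Go's standard `crypto/x509/pkix` package; `isMetadataOnly`, `flaggedAttributes` and `sampleSubject` are hypothetical names, and the subject is constructed. The last attribute shows the limitation noted above: a value made only of non-ASCII punctuation is not flagged.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// isMetadataOnly reports whether s has no ASCII letter, no ASCII digit and no
// rune outside ASCII. Assumption: an empty value is flagged as well.
func isMetadataOnly(s string) bool {
	for _, r := range s {
		alnum := (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9')
		if alnum || r > 127 {
			return false
		}
	}
	return true
}

// flaggedAttributes returns the OIDs of string attributes in name.Names that are metadata only.
func flaggedAttributes(name pkix.Name) []string {
	var flagged []string
	for _, atv := range name.Names {
		if v, ok := atv.Value.(string); ok && isMetadataOnly(v) {
			flagged = append(flagged, atv.Type.String())
		}
	}
	return flagged
}

// sampleSubject builds a constructed subject DN (not from a real certificate).
func sampleSubject() pkix.Name {
	attr := func(v string, oid ...int) pkix.AttributeTypeAndValue {
		return pkix.AttributeTypeAndValue{Type: asn1.ObjectIdentifier(oid), Value: v}
	}
	return pkix.Name{Names: []pkix.AttributeTypeAndValue{
		attr("example.com", 2, 5, 4, 3), // commonName: has letters
		attr("-", 2, 5, 4, 10),          // organizationName: flagged
		attr(" . ", 2, 5, 4, 11),        // organizationalUnitName: flagged
		attr("---", 2, 5, 4, 5),         // serialNumber: covered through Names
		attr("example", 0, 9, 2342, 19200300, 100, 1, 25), // domainComponent
		attr("\u2026", 2, 5, 4, 7),      // localityName, one non-ASCII rune: not flagged
	}}
}

func main() {
	fmt.Println(flaggedAttributes(sampleSubject()))
}
```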