Framework for linting OSCP responses#917
Conversation
|
Howdy @kowshikRoy! This is very cool, although I do need help understanding the impetus for support OSCP response linting. Is there a history of non-compliance with RFC 6960 that would help me get a sense of the need for an OCSP linter? Or would you happen to have insights into CAs wishing that they had this linter? I'm not opposed to such additions to ZLint. I would consider OCSP within the realm of the web PKI and thus not outside ZLint's jurisdiction in the slightest. However, I also do not wish to maintain code for which no CA has shown an interest in using. |
|
Hi @christopher-henderson |
christopher-henderson
left a comment
christopher-henderson
left a comment
There was a problem hiding this comment.
Thank you very much for doing this legwork @kowshikRoy. Both on the code itself as well as digging up past conversations.
This isn't an action item for this pull request, more of a meta comment to myself, but it is quite clear that this codebase has gotten a bit redundant. It could benefit from, perhaps, generics. I had shyed away from generics several years ago as ZLint is indeed used as a library and I didn't want to force a Golang upgrade across the ecosystem. But it's been some time, so I may revisit the topic.
| } else if l := r.ocspResponseLints.ByName(name); l != nil { | ||
| meta = l.LintMetadata | ||
| registerFunc = func() error { | ||
| if err := filteredRegistry.registerOcspResponseLint(l); err != nil { |
There was a problem hiding this comment.
| if err := filteredRegistry.registerOcspResponseLint(l); err != nil { | |
| return filteredRegistry.registerOcspResponseLint(l) { |
| // RegisterOcspResponseLint must be called once for each OcspResponseLint to be executed. | ||
| // Normally, RegisterOcspResponseLint is called from the Go init() function of a lint implementation. | ||
| // | ||
| // IMPORTANT: RegisterOcspResponseLint will panic if given a nil lint, or a lint |
There was a problem hiding this comment.
Thank you for the panic documentation.
| * permissions and limitations under the License. | ||
| */ | ||
|
|
||
| import ( |
There was a problem hiding this comment.
Thank you for some first lints to show the system in action.
2 participants
Support for OCSP Response Linting