v2.2.0
The ZMap team is happy to share ZLint v2.2.0. This minor release
primarily includes bug fixes and new lints.
New Lints:
* New RFC 5280 Lints
* `e_cert_sig_alg_not_match_tbs_sig_alg` to verify `tbsCertificate` algorithm
matches certificate's signature algorithm.
* New CA/Browser Forum Lints:
* `e_san_dns_name_onion_invalid` to validate `.onion` certificate subject
addresses are well-formed.
Updated Lints:
* `e_ext_tor_service_descriptor_hash_invalid` updated for Ballot SC27 to only
require the extension for EV certificates.
Removed Lints:
* `e_sub_ca_aia_does_not_contain_ocsp_url`, as of Ballot SC31 this lint is no
longer required.
Command Line Utility Updates:
* `-summary` and `-longSummary` command line flags added to `zlint` utility
for presenting lint results in a human-readable tabular form.
Bug Fixes:
* `lint_ev_valid_time_too_long` maximum validity calculation fixed and
source/citation/package corrected to CABF EV Guidelines.
* `e_ev_business_category_missing`, `e_ev_country_name_missing`,
`e_ev_organization_name_missing`, and `e_ev_serial_number_missing`
`e_ev_serial_number_missing` source/citation/package corrected to CABF EV
Guidelines.
* `e_tls_server_cert_valid_time_longer_than_398_days` fixed to not apply to CA
certificates.
* `e_tls_server_cert_valid_time_longer_than_398_days` fixed off-by-one
calculation of validity period.
Misc:
* README updates.
* Updated ZCrypto dependency (Added QCStatement support).
* Updated TLD data (Current to 2020-09-08).