<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi Paul (Mantilla),<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m forwarding along the information from Paul Van Brouwershaven.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-------------------------------<o:p></o:p></p>
<p class="MsoNormal"><b>From:</b> Paul Van Brouwershaven <br>
<b>Sent:</b> Thursday, May 31, 2018 7:30 AM<br>
<b>To:</b> Doug Beattie <doug.beattie@globalsign.com>; <br>
<b>Subject:</b> Re: [cabfpub] CABLint<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">You can clone the git repository and use grep like below, this should give you a good indication of the checks.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">grep -r 'messages << ' *<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'E: Unable to parse public key'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << "E: Unallowed key usage for RSA public key (#{(v-allowed).join(', ')})"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'W: Encipherment usage should not be mixed with Certificate/CRL signing'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << "E: Unallowed key usage for DSA public key (#{(v-allowed).join(', ')})"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << "E: Unallowed key usage for EC public key (#{(v-allowed).join(', ')})"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'E: Key agreement required with encipher only or decipher only'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'E: Encipher Only and Decipher Only must not both be set'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'W: Key agreement should not be included with Certificate/CRL Signing'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << "E: Unallowed key usage for DH public key (#{(v-allowed).join(', ')})"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'E: Key Agreement must be included for DH public keys'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << 'E: Encipher Only and Decipher Only must not both be set'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/keyusage.rb: messages << "I: Key usages not checked for #{cert.public_key.class}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/subjectaltname.rb: messages << 'E: subjectAltName must be critical if subject is empty'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/subjectaltname.rb: messages << 'W: subjectAltName should not be critical'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/subjectaltname.rb: messages << 'E: subjectAltName extension must include at least one name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/nameconstraints.rb: messages << 'E: NameConstriants must contain at least one subtree'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/nameconstraints.rb: messages << 'E: NameConstraints must include either permitted or excluded Subtrees'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/ctpoison.rb: messages << 'I: Certificate Transparency Precertificate identified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/ctpoison.rb: messages << 'E: CT Poison must be critical'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/ctpoison.rb: messages << 'E: CT Poison must contain a single null'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << "E: PolicyInformation is not a sequence"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << "E: PolicyQualifierInfo is not a sequence"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << 'W: Certificate Policies should not contain notice references'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << 'E: Certificate Policy explicit text must not be IA5String'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << 'W: Certificate policy explicit text should be in unicode normalization form C'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << 'W: Certificate policy explicit text should not contain control characters'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/certificatepolicies.rb: messages << 'E: Bad policy qualifier id'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/extkeyusagesyntax.rb: messages << 'W: extendedKeyUsage should not be critical if Any Extended Key Usage is present'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/ocspnocheck.rb: messages << 'E: OCSP NoCheck extension must be null'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/ocspnocheck.rb: messages << "W: Extension should not be critical for #{self}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/authoritykeyidentifier.rb: messages << 'E: AuthorityKeyIdentifier must include serial number if issuer is present'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/authoritykeyidentifier.rb: messages << 'E: AuthorityKeyIdentifier must include issuer if serial number is present'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/basicconstraints.rb: messages << 'E: basicConstraints must be critical in CA certificates'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/basicconstraints.rb: messages << 'E: Must not include pathLenConstraint on certificates that are not CA:TRUE'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/signedcertificatetimestamplist.rb: messages << 'E: SignedCertificateTimestampList must not be critical'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/asn1ext.rb: messages << 'E: No PDU defined'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/asn1ext.rb: messages << "E: Extension criticality not allowed for #{self.to_s.split(':').last}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/extensions/asn1ext.rb: messages << "W: Extension should#{@critical_should ? '' : ' not'} be critical for #{self.to_s.split(':').last}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certextlint.rb: messages << "E: Opaque or unknown extension (#{oid}) marked as critical"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certextlint.rb: messages << "W: Extension #{oid} is treated as opaque extension"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certextlint.rb: messages << "W: Deprecated Netscape extension #{oid} treated as opaque extension"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certextlint.rb: messages << "W: Microsoft extension #{oid} treated as opaque extension"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certextlint.rb: messages << "W: Unknown Extension: #{oid}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'E: Unqualified domain name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'E: Unknown TLD'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'I: Tor Service Descriptor in SAN'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'W: Special name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'E: Unknown type of TLD'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'E: FQDN under reserved or special domain'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'W: Bad IDN A-label in DNS Name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'E: Wildcard to immediate left of public suffix'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'W: Domain is bare public suffix'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'E: Wildcard to immediate left of public suffix'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/iananames.rb: messages << 'W: Underscore in base domain'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'W: PEM boundaries should not have whitespace or characters before the boundary start'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << "W: PEM boundaries should start with five '-' characters"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'E: PEM boundary must have same number of - at start and end'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'W: PEM boundary should be in all caps'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'E: PEM boundary should be alone on line'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'W: Only the last PEM encoded line may be less than 64 characters'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'W: PEM encoded lines must be 64 characters or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'E: PEM encoded lines may only contain base64 characters'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'W: PEM boundaries should not have whitespace or characters before the boundary start'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << "W: PEM boundaries should start with five '-' characters"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'E: PEM boundary must have same number of - at start and end'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'W: PEM boundary should be in all caps'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'E: PEM boundary should be alone on line'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/pemlint.rb: messages << 'E: Incorrect base64 encoding'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: messages << 'W: Multiple attributes in a single RDN in the subject Name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: Name has unknown attribute #{attrname}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: Name has deprecated attribute #{attrname}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: #{attrname} is using deprecated TeletexString"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: #{attrname} is using deprecated VideoexString"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: #{attrname} is using deprecated GraphicString"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: #{attrname} is using deprecated GeneralString"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: Unicode #{attrname} is using deprecated UniversalString"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: Unicode #{attrname} is using deprecated BMPString"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: Leading whitepsace in #{attrname}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: Trailing whitespace in #{attrname}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "E: #{attrname} is too long"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "E: Invalid country in #{attrname}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "E: Invalid label in #{attrname}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: messages << 'W: Bad IDN A-label in DNS Name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: messages << 'E: Internationalized domain names must be in unicode normalization form C'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "E: #{attrname} is too long"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: #{attrname} should be encoded as IA5String"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: attr_messages << "W: #{attrname} should be encoded as UF8String"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: messages << "W: Name has multiple #{attrname} attributes"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/namelint.rb: messages << "E: Unparsable name: #{e.message}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: ASN.1 Error in #{pdu}: #{ex.message}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: Constraint failure in #{pdu}: #{ex.message}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "W: #{pdu} is not encoded using DER"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: BadDER in #{pdu}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Encoding error: #{e.message} in #{pdu}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Bad GeneralizedTime in #{pdu}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Bad UTCTime in #{pdu}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Type mismatch during decode in #{pdu}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Bad encoding in #{pdu}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Decode error in #{pdu}: #{e.message}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Incorrectly encoded UTF8String in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: Null byte found in UTF8String in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: Control character found in String in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: Null byte found in String in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "B: Unhandled escape found in String in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: Incorrectly encoded TeletexString in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "B: No checks for String type #{tag} in #{pdu}"# at offset #{offset}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "F: Type error during traverse in #{pdu}: #{e.message}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA keys must have a parameter specified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA keys must have a null parameter'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA public key modulus must be positive'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA public key exponent must be positive'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA public key exponent must be between 3 and n - 1'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: DH keys must have parameters'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: EC keys must have parameters'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: EC public key #{e.message}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: EC Public key is infinity'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: EC Public key is not on curve'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'W: Unknown public key type'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Time not in Zulu/GMT'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'N: Ruby may incorrectly interpret UTCTimes between 1950 and 1969'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: UTCTime without seconds'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Time not in Zulu/GMT'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Generalized Time before 2050'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Generalized Time without seconds or with fractional seconds'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Certificate signature algorithm does not match TBS signature algorithm'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "W: Certificate signature algorithm type is unknown: #{sig_oid}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'I: No checks for PSS yet'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA signatures must have a parameter specified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: RSA signatures must have a null parameter'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: DSA signatures must not have a parameter specified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: ECDSA signatures must not have a parameter specified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'F: Unable to parse Certificate'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Invalid certificate version'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Old certificate version (not X.509v3)'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Negative serial number'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Serial number must be positive'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Serial numbers must be 20 octets or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: Certificate has negative validity length'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: issuerUniqueID is included'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: subjectUniqueID is included'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'N: Some python versions will not see SAN extension if it is the first extension'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << "E: Duplicate extension #{oid}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: keyCertSign without CA:TRUE'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/certlint.rb: messages << 'E: CA:TRUE without keyCertSign'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Cowardly refusing to run CAB check due to previous errors'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: Skipping CAB checks due to previous errors'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << "E: #{c.signature_algorithm} is not allowed for signing certificates"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: SHA-1 not allowed for signing certificates'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Serial numbers for certificates using weaker hashes should have at least 64 bits of entropy'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: PSS is not supported by most browsers'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Serial numbers should have at least 20 bits of entropy'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: Invalid subject public key'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: Invalid subject public key'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: RSA subject key modulus must be at least 2048 bits'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: RSA subject key exponent must be odd'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: DSA subject key p must be at least 2048 bits'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: DSA subject key must have FIPS 186-4 compliant parameters'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EC subject key is not on allowed curve'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: Subject key must be RSA, DSA, or EC'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << "E: #{d[0]} appears to only include metadata"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << "E: #{d[0]} appears to only include metadata"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'I: CA certificate identified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: CA certificates must include countryName in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: CA certificates must include organizationName in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'N: Some applications require CA certificates to include commonName in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: CA certificates should not have a validity period greater than 25 years'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: CA certificates should not have a validity period greater than 25 years'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: CA certificates should not have a validity period greater than 25 years'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: CA certificates must include keyUsage extension'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: CA certificates must set keyUsage extension as critical'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: CA certificates must include CRL Signing'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'N: CA certificates without Digital Signature do not allow direct signing of OCSP responses'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: CA certificates should not include subject alternative names'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'I: EV certificate identified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must include organizationName in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must include businessCategory in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must include serialNumber in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must include localityName in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must include countryName in subject'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'I: TLS Server certificate identified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << "W: TLS Server certificates must include serverAuth key purpose in extended key usage"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'I: Intel AMT/vPro certificate identified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << "W: TLS Server auth certificates should not contain #{e} usage"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must be 825 days in validity or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: EV certificates must be 27 months in validity or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must be 825 days in validity or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Pre-BR certificates should not be more than 120 months in validity'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must be 39 months in validity or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must be 60 months in validity or less'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates without organizationName must not include localityName'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates without organizationName must not include stateOrProvinceName'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates without organizationName must not include streetAddress'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates without organizationName must not include postalCode'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates with organizationName must include either localityName or stateOrProvinceName'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates with organizationName must include countryName'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Certificate does not include authorityInformationAccess. BRs require OCSP stapling for this certificate.'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must include an HTTP URL of the OCSP responder'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: BR certificates should include an HTTP URL of the issuing CA\'s certificate'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must include certificatePolicies'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must contain at least one policy'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates with CRL Distribution Point must include HTTP URL'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not include CRL Signing'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not include Certificate Signing'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must have subject alternative names extension'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain otherName type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain rfc822Name type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: Wildcard not in first label of FQDN'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: Bare wildcard'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Wildcard other than *.<fqdn> in SAN'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain x400Address type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain directoryName type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain ediPartyName type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain uniformResourceIdentifier type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: BR certificates must not contain registeredID type alternative name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: Duplicate SAN entry'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'W: commonNames in BR certificate contains U-labels'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'E: commonNames in BR certificates must be from SAN entries'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/cablint.rb: messages << 'I: No certificate type identified'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for OtherName type #{oid}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: Missing check for OtherName #{checker}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for unknown OtherName type #{oid}"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name has empty value'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name includes null'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Invalid padding in RFC822Name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name without @'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name domain must not start with .'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name without domain'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name with invalid domain'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'W: Bad IDN A-label in Email Address'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Internationalized domain names must be in unicode normalization form C'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name without local part'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'W: RFC822Name with quoted local part'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RFC822Name with invalid local part'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: DNSName is empty'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'F: DNSName is not a string'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: DNSName includes null'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: DNSName is not in preferred syntax'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: DNSName must not start with .'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: DNSName is not FQDN'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: FQDN in DNSName is too long'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Wildcard in FQDN'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'W: Underscore should not appear in DNS names'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'W: Bad IDN A-label in DNS Name'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Internationalized domain names must be in unicode normalization form C'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'F: RFC822Name is not a String'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'F: DNS Name is not a String'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "E: X400Address is empty"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for X400Address"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "E: DirectoryName is empty"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for DirectoryName"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "E: EDIPartyName is empty"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for EDIPartyName"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "E: URI is empty"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for URI"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Invalid IP address in SAN'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Invalid IP address in constraint'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: RegisteredId is empty'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << "I: No checks for RegisteredId"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">certlint/generalnames.rb: messages << 'E: Unknown type of name in subjectAltName'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a name="_MailEndCompose"><o:p> </o:p></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Paul Mantilla [mailto:paulmantilla@hotmail.com]
<br>
<b>Sent:</b> Wednesday, May 30, 2018 5:50 PM<br>
<b>To:</b> Doug Beattie <doug.beattie@globalsign.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br>
<b>Subject:</b> Re: [cabfpub] CABLint<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello guys, as a side question, is it possible to have a list of all the test run by certlint/cablint? Since If I run the tool in the command line, if all the tests passed I get nothing, no message, so I am never sure of what really happened.
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I’ve searched a lot, even in the GitHub repo, but I couldn’t find the list of tests these lints contain<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Please advice <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Apr 16, 2018, at 4:00 PM, Doug Beattie via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Hi Dave,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I was looking just at the very top level and see there are more Commits, Closed Issues, and contributors for zlint, but if cablint has a new maintainer to keep it up to date, then having 2 independent checkers will help find bugs or inconsistencies
in the other lint.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Doug <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Blunt, Dave [<a href="mailto:dblunt@amazon.com">mailto:dblunt@amazon.com</a>]
<br>
<b>Sent:</b> Friday, April 13, 2018 5:29 PM<br>
<b>To:</b> Doug Beattie <<a href="mailto:doug.beattie@globalsign.com">doug.beattie@globalsign.com</a>>; CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>>; Ryan Sleevi <<a href="mailto:sleevi@google.com">sleevi@google.com</a>>;
Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>><br>
<b>Subject:</b> RE: [cabfpub] CABLint<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Tim – I’m transitioning into Peter’s role as maintainer of the cablint maintained under awslabs. Do you have concerns or suggestions for changes?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Doug, if you aren’t sure how zlint and cablint stack up, what is the recommendation to use zlint based on?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Public [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Doug Beattie via Public<br>
<b>Sent:</b> Friday, April 13, 2018 1:28 PM<br>
<b>To:</b> Ryan Sleevi <<a href="mailto:sleevi@google.com">sleevi@google.com</a>>; CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>>; Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>><br>
<b>Subject:</b> Re: [cabfpub] CABLint<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">We’ve shifted our efforts towards zlint and away from the GlobalSign certlint as our future validation tool. I’m not sure how zlint and cablint stack up with each other but having 2 open source projects is going to be extra work to maintain
and keep current. I’d recommend zlint for those that can use it.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Dug<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Public [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ryan Sleevi via Public<br>
<b>Sent:</b> Friday, April 13, 2018 3:57 PM<br>
<b>To:</b> Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>>; CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br>
<b>Subject:</b> Re: [cabfpub] CABLint<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">There's been several duplicate names<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Are you talking about the 'cablint' portion of the AWSLabs certlint - <a href="https://github.com/awslabs/certlint">https://github.com/awslabs/certlint</a> ? That is what is referred to as 'cablint' on crt.sh<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Not to be confused with the GlobalSign certlint ( <a href="https://github.com/globalsign/certlint">https://github.com/globalsign/certlint</a> )<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Fri, Apr 13, 2018 at 3:38 PM, Tim Hollebeek via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Who is maintaining CABLint these days? And where?<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#888888"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#888888">-Tim</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#888888"> </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>