[cabfpub] CABLint

Doug Beattie doug.beattie at globalsign.com
Thu May 31 04:42:48 MST 2018


Hi Paul (Mantilla),

I’m forwarding along the information from Paul Van Brouwershaven.

-------------------------------
From: Paul Van Brouwershaven
Sent: Thursday, May 31, 2018 7:30 AM
To: Doug Beattie <doug.beattie at globalsign.com>;
Subject: Re: [cabfpub] CABLint

You can clone the git repository and use grep like below, this should give you a good indication of the checks.

grep -r 'messages << ' *
certlint/extensions/keyusage.rb:        messages << 'E: Unable to parse public key'
certlint/extensions/keyusage.rb:          messages << "E: Unallowed key usage for RSA public key (#{(v-allowed).join(', ')})"
certlint/extensions/keyusage.rb:            messages << 'W: Encipherment usage should not be mixed with Certificate/CRL signing'
certlint/extensions/keyusage.rb:          messages << "E: Unallowed key usage for DSA public key (#{(v-allowed).join(', ')})"
certlint/extensions/keyusage.rb:          messages << "E: Unallowed key usage for EC public key (#{(v-allowed).join(', ')})"
certlint/extensions/keyusage.rb:            messages << 'E: Key agreement required with encipher only or decipher only'
certlint/extensions/keyusage.rb:          messages << 'E: Encipher Only and Decipher Only must not both be set'
certlint/extensions/keyusage.rb:            messages << 'W: Key agreement should not be included with Certificate/CRL Signing'
certlint/extensions/keyusage.rb:          messages << "E: Unallowed key usage for DH public key (#{(v-allowed).join(', ')})"
certlint/extensions/keyusage.rb:          messages << 'E: Key Agreement must be included for DH public keys'
certlint/extensions/keyusage.rb:          messages << 'E: Encipher Only and Decipher Only must not both be set'
certlint/extensions/keyusage.rb:        messages << "I: Key usages not checked for #{cert.public_key.class}"
certlint/extensions/subjectaltname.rb:          messages << 'E: subjectAltName must be critical if subject is empty'
certlint/extensions/subjectaltname.rb:          messages << 'W: subjectAltName should not be critical'
certlint/extensions/subjectaltname.rb:        messages << 'E: subjectAltName extension must include at least one name'
certlint/extensions/nameconstraints.rb:          messages << 'E: NameConstriants must contain at least one subtree'
certlint/extensions/nameconstraints.rb:        messages << 'E: NameConstraints must include either permitted or excluded Subtrees'
certlint/extensions/ctpoison.rb:      messages << 'I: Certificate Transparency Precertificate identified'
certlint/extensions/ctpoison.rb:        messages << 'E: CT Poison must be critical'
certlint/extensions/ctpoison.rb:        messages << 'E: CT Poison must contain a single null'
certlint/extensions/certificatepolicies.rb:          messages << "E: PolicyInformation is not a sequence"
certlint/extensions/certificatepolicies.rb:            messages << "E: PolicyQualifierInfo is not a sequence"
certlint/extensions/certificatepolicies.rb:              messages << 'W: Certificate Policies should not contain notice references'
certlint/extensions/certificatepolicies.rb:                messages << 'E: Certificate Policy explicit text must not be IA5String'
certlint/extensions/certificatepolicies.rb:              messages << 'W: Certificate policy explicit text should be in unicode normalization form C'
certlint/extensions/certificatepolicies.rb:              messages << 'W: Certificate policy explicit text should not contain control characters'
certlint/extensions/certificatepolicies.rb:            messages << 'E: Bad policy qualifier id'
certlint/extensions/extkeyusagesyntax.rb:          messages << 'W: extendedKeyUsage should not be critical if Any Extended Key Usage is present'
certlint/extensions/ocspnocheck.rb:        messages << 'E: OCSP NoCheck extension must be null'
certlint/extensions/ocspnocheck.rb:        messages << "W: Extension should not be critical for #{self}"
certlint/extensions/authoritykeyidentifier.rb:          messages << 'E: AuthorityKeyIdentifier must include serial number if issuer is present'
certlint/extensions/authoritykeyidentifier.rb:        messages << 'E: AuthorityKeyIdentifier must include issuer if serial number is present'
certlint/extensions/basicconstraints.rb:          messages << 'E: basicConstraints must be critical in CA certificates'
certlint/extensions/basicconstraints.rb:          messages << 'E: Must not include pathLenConstraint on certificates that are not CA:TRUE'
certlint/extensions/signedcertificatetimestamplist.rb:        messages << 'E: SignedCertificateTimestampList must not be critical'
certlint/extensions/asn1ext.rb:      messages << 'E: No PDU defined'
certlint/extensions/asn1ext.rb:        messages << "E: Extension criticality not allowed for #{self.to_s.split(':').last}"
certlint/extensions/asn1ext.rb:        messages << "W: Extension should#{@critical_should ? '' : ' not'} be critical for #{self.to_s.split(':').last}"
certlint/certextlint.rb:        messages << "E: Opaque or unknown extension (#{oid}) marked as critical"
certlint/certextlint.rb:        messages << "W: Extension #{oid} is treated as opaque extension"
certlint/certextlint.rb:        messages << "W: Deprecated Netscape extension #{oid} treated as opaque extension"
certlint/certextlint.rb:        messages << "W: Microsoft extension #{oid} treated as opaque extension"
certlint/certextlint.rb:      messages << "W: Unknown Extension: #{oid}"
certlint/iananames.rb:        messages << 'E: Unqualified domain name'
certlint/iananames.rb:        messages << 'E: Unknown TLD'
certlint/iananames.rb:          messages << 'I: Tor Service Descriptor in SAN'
certlint/iananames.rb:          messages << 'W: Special name'
certlint/iananames.rb:        messages << 'E: Unknown type of TLD'
certlint/iananames.rb:        messages << 'E: FQDN under reserved or special domain'
certlint/iananames.rb:          messages << 'W: Bad IDN A-label in DNS Name'
certlint/iananames.rb:          messages << 'E: Wildcard to immediate left of public suffix'
certlint/iananames.rb:        messages << 'W: Domain is bare public suffix'
certlint/iananames.rb:          messages << 'E: Wildcard to immediate left of public suffix'
certlint/iananames.rb:          messages << 'W: Underscore in base domain'
certlint/pemlint.rb:              messages << 'W: PEM boundaries should not have whitespace or characters before the boundary start'
certlint/pemlint.rb:              messages << "W: PEM boundaries should start with five '-' characters"
certlint/pemlint.rb:              messages << 'E: PEM boundary must have same number of - at start and end'
certlint/pemlint.rb:              messages << 'W: PEM boundary should be in all caps'
certlint/pemlint.rb:              messages << 'E: PEM boundary should be alone on line'
certlint/pemlint.rb:            messages << 'W: Only the last PEM encoded line may be less than 64 characters'
certlint/pemlint.rb:            messages << 'W: PEM encoded lines must be 64 characters or less'
certlint/pemlint.rb:            messages << 'E: PEM encoded lines may only contain base64 characters'
certlint/pemlint.rb:            messages << 'W: PEM boundaries should not have whitespace or characters before the boundary start'
certlint/pemlint.rb:            messages << "W: PEM boundaries should start with five '-' characters"
certlint/pemlint.rb:            messages << 'E: PEM boundary must have same number of - at start and end'
certlint/pemlint.rb:            messages << 'W: PEM boundary should be in all caps'
certlint/pemlint.rb:            messages << 'E: PEM boundary should be alone on line'
certlint/pemlint.rb:        messages << 'E: Incorrect base64 encoding'
certlint/namelint.rb:          messages << 'W: Multiple attributes in a single RDN in the subject Name'
certlint/namelint.rb:            attr_messages << "W: Name has unknown attribute #{attrname}"
certlint/namelint.rb:            attr_messages << "W: Name has deprecated attribute #{attrname}"
certlint/namelint.rb:            attr_messages << "W: #{attrname} is using deprecated TeletexString"
certlint/namelint.rb:            attr_messages << "W: #{attrname} is using deprecated VideoexString"
certlint/namelint.rb:            attr_messages << "W: #{attrname} is using deprecated GraphicString"
certlint/namelint.rb:            attr_messages << "W: #{attrname} is using deprecated GeneralString"
certlint/namelint.rb:            attr_messages << "W: Unicode #{attrname} is using deprecated UniversalString"
certlint/namelint.rb:            attr_messages << "W: Unicode #{attrname} is using deprecated BMPString"
certlint/namelint.rb:              attr_messages << "W: Leading whitepsace in #{attrname}"
certlint/namelint.rb:              attr_messages << "W: Trailing whitespace in #{attrname}"
certlint/namelint.rb:              attr_messages << "E: #{attrname} is too long"
certlint/namelint.rb:              attr_messages << "E: Invalid country in #{attrname}"
certlint/namelint.rb:              attr_messages << "E: Invalid label in #{attrname}"
certlint/namelint.rb:                messages << 'W: Bad IDN A-label in DNS Name'
certlint/namelint.rb:                messages << 'E: Internationalized domain names must be in unicode normalization form C'
certlint/namelint.rb:              attr_messages << "E: #{attrname} is too long"
certlint/namelint.rb:                attr_messages << "W: #{attrname} should be encoded as IA5String"
certlint/namelint.rb:                attr_messages << "W: #{attrname} should be encoded as UF8String"
certlint/namelint.rb:        messages << "W: Name has multiple #{attrname} attributes"
certlint/namelint.rb:          messages << "E: Unparsable name: #{e.message}"
certlint/certlint.rb:      messages << "F: ASN.1 Error in #{pdu}: #{ex.message}"
certlint/certlint.rb:      messages << "E: Constraint failure in #{pdu}: #{ex.message}"
certlint/certlint.rb:        messages << "W: #{pdu} is not encoded using DER"
certlint/certlint.rb:      messages << "E: BadDER in #{pdu}"
certlint/certlint.rb:      messages << "F: Encoding error: #{e.message} in #{pdu}"
certlint/certlint.rb:        messages << "F: Bad GeneralizedTime in #{pdu}"
certlint/certlint.rb:        messages << "F: Bad UTCTime in #{pdu}"
certlint/certlint.rb:        messages << "F: Type mismatch during decode in #{pdu}"
certlint/certlint.rb:        messages << "F: Bad encoding in #{pdu}"
certlint/certlint.rb:        messages << "F: Decode error in #{pdu}: #{e.message}"
certlint/certlint.rb:            messages << "F: Incorrectly encoded UTF8String in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:            messages << "E: Null byte found in UTF8String in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:            messages << "E: Control character found in String in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:            messages << "E: Null byte found in String in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:            messages << "B: Unhandled escape found in String in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:              messages << "E: Incorrectly encoded TeletexString in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:            messages << "B: No checks for String type #{tag} in #{pdu}"# at offset #{offset}"
certlint/certlint.rb:      messages << "F: Type error during traverse in #{pdu}: #{e.message}"
certlint/certlint.rb:        messages << 'E: RSA keys must have a parameter specified'
certlint/certlint.rb:        messages << 'E: RSA keys must have a null parameter'
certlint/certlint.rb:        messages << 'E: RSA public key modulus must be positive'
certlint/certlint.rb:        messages << 'E: RSA public key exponent must be positive'
certlint/certlint.rb:          messages << 'E: RSA public key exponent must be between 3 and n - 1'
certlint/certlint.rb:        messages << 'E: DH keys must have parameters'
certlint/certlint.rb:        messages << 'E: EC keys must have parameters'
certlint/certlint.rb:        messages << "E: EC public key #{e.message}"
certlint/certlint.rb:        messages << 'E: EC Public key is infinity'
certlint/certlint.rb:        messages << 'E: EC Public key is not on curve'
certlint/certlint.rb:      messages << 'W: Unknown public key type'
certlint/certlint.rb:          messages << 'E: Time not in Zulu/GMT'
certlint/certlint.rb:          messages << 'N: Ruby may incorrectly interpret UTCTimes between 1950 and 1969'
certlint/certlint.rb:          messages << 'E: UTCTime without seconds'
certlint/certlint.rb:          messages << 'E: Time not in Zulu/GMT'
certlint/certlint.rb:          messages << 'E: Generalized Time before 2050'
certlint/certlint.rb:          messages << 'E: Generalized Time without seconds or with fractional seconds'
certlint/certlint.rb:      messages << 'E: Certificate signature algorithm does not match TBS signature algorithm'
certlint/certlint.rb:      messages << "W: Certificate signature algorithm type is unknown: #{sig_oid}"
certlint/certlint.rb:      messages << 'I: No checks for PSS yet'
certlint/certlint.rb:        messages << 'E: RSA signatures must have a parameter specified'
certlint/certlint.rb:        messages << 'E: RSA signatures must have a null parameter'
certlint/certlint.rb:        messages << 'E: DSA signatures must not have a parameter specified'
certlint/certlint.rb:        messages << 'E: ECDSA signatures must not have a parameter specified'
certlint/certlint.rb:      messages << 'F: Unable to parse Certificate'
certlint/certlint.rb:      messages << 'E: Invalid certificate version'
certlint/certlint.rb:      messages << 'E: Old certificate version (not X.509v3)'
certlint/certlint.rb:      messages << 'E: Negative serial number'
certlint/certlint.rb:      messages << 'E: Serial number must be positive'
certlint/certlint.rb:      messages << 'E: Serial numbers must be 20 octets or less'
certlint/certlint.rb:      messages << 'E: Certificate has negative validity length'
certlint/certlint.rb:      messages << 'E: issuerUniqueID is included'
certlint/certlint.rb:      messages << 'E: subjectUniqueID is included'
certlint/certlint.rb:          messages << 'N: Some python versions will not see SAN extension if it is the first extension'
certlint/certlint.rb:        messages << "E: Duplicate extension #{oid}"
certlint/certlint.rb:        messages << 'E: keyCertSign without CA:TRUE'
certlint/certlint.rb:        messages << 'E: CA:TRUE without keyCertSign'
certlint/cablint.rb:        messages << 'W: Cowardly refusing to run CAB check due to previous errors'
certlint/cablint.rb:        messages << 'E: Skipping CAB checks due to previous errors'
certlint/cablint.rb:        messages << "E: #{c.signature_algorithm} is not allowed for signing certificates"
certlint/cablint.rb:          messages << 'E: SHA-1 not allowed for signing certificates'
certlint/cablint.rb:          messages << 'W: Serial numbers for certificates using weaker hashes should have at least 64 bits of entropy'
certlint/cablint.rb:          messages << 'W: PSS is not supported by most browsers'
certlint/cablint.rb:        messages << 'W: Serial numbers should have at least 20 bits of entropy'
certlint/cablint.rb:        messages << 'E: Invalid subject public key'
certlint/cablint.rb:        messages << 'E: Invalid subject public key'
certlint/cablint.rb:          messages << 'E: RSA subject key modulus must be at least 2048 bits'
certlint/cablint.rb:          messages << 'E: RSA subject key exponent must be odd'
certlint/cablint.rb:          messages << 'E: DSA subject key p must be at least 2048 bits'
certlint/cablint.rb:          messages << 'E: DSA subject key must have FIPS 186-4 compliant parameters'
certlint/cablint.rb:          messages << 'E: EC subject key is not on allowed curve'
certlint/cablint.rb:        messages << 'E: Subject key must be RSA, DSA, or EC'
certlint/cablint.rb:            messages << "E: #{d[0]} appears to only include metadata"
certlint/cablint.rb:          messages << "E: #{d[0]} appears to only include metadata"
certlint/cablint.rb:        messages << 'I: CA certificate identified'
certlint/cablint.rb:          messages << 'E: CA certificates must include countryName in subject'
certlint/cablint.rb:          messages << 'E: CA certificates must include organizationName in subject'
certlint/cablint.rb:          messages << 'N: Some applications require CA certificates to include commonName in subject'
certlint/cablint.rb:          messages << 'W: CA certificates should not have a validity period greater than 25 years'
certlint/cablint.rb:            messages << 'W: CA certificates should not have a validity period greater than 25 years'
certlint/cablint.rb:              messages << 'W: CA certificates should not have a validity period greater than 25 years'
certlint/cablint.rb:          messages << 'E: CA certificates must include keyUsage extension'
certlint/cablint.rb:            messages << 'E: CA certificates must set keyUsage extension as critical'
certlint/cablint.rb:            messages << 'E: CA certificates must include CRL Signing'
certlint/cablint.rb:            messages << 'N: CA certificates without Digital Signature do not allow direct signing of OCSP responses'
certlint/cablint.rb:          messages << 'W: CA certificates should not include subject alternative names'
certlint/cablint.rb:        messages << 'I: EV certificate identified'
certlint/cablint.rb:          messages << 'E: EV certificates must include organizationName in subject'
certlint/cablint.rb:          messages << 'E: EV certificates must include businessCategory in subject'
certlint/cablint.rb:          messages << 'E: EV certificates must include serialNumber in subject'
certlint/cablint.rb:          messages << 'E: EV certificates must include localityName in subject'
certlint/cablint.rb:          messages << 'E: EV certificates must include countryName in subject'
certlint/cablint.rb:        messages << 'I: TLS Server certificate identified'
certlint/cablint.rb:          messages << "W: TLS Server certificates must include serverAuth key purpose in extended key usage"
certlint/cablint.rb:          messages << 'I: Intel AMT/vPro certificate identified'
certlint/cablint.rb:          messages << "W: TLS Server auth certificates should not contain #{e} usage"
certlint/cablint.rb:              messages << 'E: EV certificates must be 825 days in validity or less'
certlint/cablint.rb:            messages << 'E: EV certificates must be 27 months in validity or less'
certlint/cablint.rb:            messages << 'E: BR certificates must be 825 days in validity or less'
certlint/cablint.rb:            messages << 'W: Pre-BR certificates should not be more than 120 months in validity'
certlint/cablint.rb:            messages << 'E: BR certificates must be 39 months in validity or less'
certlint/cablint.rb:            messages << 'E: BR certificates must be 60 months in validity or less'
certlint/cablint.rb:            messages << 'E: BR certificates without organizationName must not include localityName'
certlint/cablint.rb:            messages << 'E: BR certificates without organizationName must not include stateOrProvinceName'
certlint/cablint.rb:            messages << 'E: BR certificates without organizationName must not include streetAddress'
certlint/cablint.rb:            messages << 'E: BR certificates without organizationName must not include postalCode'
certlint/cablint.rb:            messages << 'E: BR certificates with organizationName must include either localityName or stateOrProvinceName'
certlint/cablint.rb:            messages << 'E: BR certificates with organizationName must include countryName'
certlint/cablint.rb:          messages << 'W: Certificate does not include authorityInformationAccess. BRs require OCSP stapling for this certificate.'
certlint/cablint.rb:            messages << 'E: BR certificates must include an HTTP URL of the OCSP responder'
certlint/cablint.rb:            messages << 'W: BR certificates should include an HTTP URL of the issuing CA\'s certificate'
certlint/cablint.rb:          messages << 'E: BR certificates must include certificatePolicies'
certlint/cablint.rb:            messages << 'E: BR certificates must contain at least one policy'
certlint/cablint.rb:            messages << 'E: BR certificates with CRL Distribution Point must include HTTP URL'
certlint/cablint.rb:            messages << 'E: BR certificates must not include CRL Signing'
certlint/cablint.rb:            messages << 'E: BR certificates must not include Certificate Signing'
certlint/cablint.rb:          messages << 'E: BR certificates must have subject alternative names extension'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain otherName type alternative name'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain rfc822Name type alternative name'
certlint/cablint.rb:                  messages << 'E: Wildcard not in first label of FQDN'
certlint/cablint.rb:                  messages << 'E: Bare wildcard'
certlint/cablint.rb:                  messages << 'W: Wildcard other than *.<fqdn> in SAN'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain x400Address type alternative name'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain directoryName type alternative name'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain ediPartyName type alternative name'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain uniformResourceIdentifier type alternative name'
certlint/cablint.rb:              messages << 'E: BR certificates must not contain registeredID type alternative name'
certlint/cablint.rb:              messages << 'W: Duplicate SAN entry'
certlint/cablint.rb:              messages << 'W: commonNames in BR certificate contains U-labels'
certlint/cablint.rb:              messages << 'E: commonNames in BR certificates must be from SAN entries'
certlint/cablint.rb:        messages << 'I: No certificate type identified'
certlint/generalnames.rb:          messages << "I: No checks for OtherName type #{oid}"
certlint/generalnames.rb:          messages << "I: Missing check for OtherName #{checker}"
certlint/generalnames.rb:        messages << "I: No checks for unknown OtherName type #{oid}"
certlint/generalnames.rb:        messages << 'E: RFC822Name has empty value'
certlint/generalnames.rb:        messages << 'E: RFC822Name includes null'
certlint/generalnames.rb:        messages << 'E: Invalid padding in RFC822Name'
certlint/generalnames.rb:          messages << 'E: RFC822Name without @'
certlint/generalnames.rb:          messages << 'E: RFC822Name domain must not start with .'
certlint/generalnames.rb:        messages << 'E: RFC822Name without domain'
certlint/generalnames.rb:        messages << 'E: RFC822Name with invalid domain'
certlint/generalnames.rb:          messages << 'W: Bad IDN A-label in Email Address'
certlint/generalnames.rb:          messages << 'E: Internationalized domain names must be in unicode normalization form C'
certlint/generalnames.rb:        messages << 'E: RFC822Name without local part'
certlint/generalnames.rb:        messages << 'W: RFC822Name with quoted local part'
certlint/generalnames.rb:        messages << 'E: RFC822Name with invalid local part'
certlint/generalnames.rb:        messages << 'E: DNSName is empty'
certlint/generalnames.rb:        messages << 'F: DNSName is not a string'
certlint/generalnames.rb:        messages << 'E: DNSName includes null'
certlint/generalnames.rb:        messages << 'E: DNSName is not in preferred syntax'
certlint/generalnames.rb:        messages << 'E: DNSName must not start with .'
certlint/generalnames.rb:        messages << 'E: DNSName is not FQDN'
certlint/generalnames.rb:        messages << 'E: FQDN in DNSName is too long'
certlint/generalnames.rb:          messages << 'E: Wildcard in FQDN'
certlint/generalnames.rb:        messages << 'W: Underscore should not appear in DNS names'
certlint/generalnames.rb:          messages << 'W: Bad IDN A-label in DNS Name'
certlint/generalnames.rb:          messages << 'E: Internationalized domain names must be in unicode normalization form C'
certlint/generalnames.rb:          messages << 'F: RFC822Name is not a String'
certlint/generalnames.rb:          messages << 'F: DNS Name is not a String'
certlint/generalnames.rb:          messages << "E: X400Address is empty"
certlint/generalnames.rb:        messages << "I: No checks for X400Address"
certlint/generalnames.rb:          messages << "E: DirectoryName is empty"
certlint/generalnames.rb:        messages << "I: No checks for DirectoryName"
certlint/generalnames.rb:          messages << "E: EDIPartyName is empty"
certlint/generalnames.rb:        messages << "I: No checks for EDIPartyName"
certlint/generalnames.rb:          messages << "E: URI is empty"
certlint/generalnames.rb:        messages << "I: No checks for URI"
certlint/generalnames.rb:            messages << 'E: Invalid IP address in SAN'
certlint/generalnames.rb:            messages << 'E: Invalid IP address in constraint'
certlint/generalnames.rb:          messages << 'E: RegisteredId is empty'
certlint/generalnames.rb:        messages << "I: No checks for RegisteredId"
certlint/generalnames.rb:        messages << 'E: Unknown type of name in subjectAltName'



From: Paul Mantilla [mailto:paulmantilla at hotmail.com]
Sent: Wednesday, May 30, 2018 5:50 PM
To: Doug Beattie <doug.beattie at globalsign.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] CABLint

Hello guys, as a side question, is it possible to have a list of all the test run by certlint/cablint? Since If I run the tool in the command line, if all the tests passed I get nothing, no message, so I am never sure of what really happened.

I’ve searched a lot, even in the GitHub repo, but I couldn’t find the list of tests these lints contain
Please advice
Thanks



On Apr 16, 2018, at 4:00 PM, Doug Beattie via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Hi Dave,

I was looking just at the very top level and see there are more Commits, Closed Issues, and contributors for zlint, but if cablint has a new maintainer to keep it up to date, then having 2 independent checkers will help find bugs or inconsistencies in the other lint.

Doug

From: Blunt, Dave [mailto:dblunt at amazon.com]
Sent: Friday, April 13, 2018 5:29 PM
To: Doug Beattie <doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>>; CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>; Ryan Sleevi <sleevi at google.com<mailto:sleevi at google.com>>; Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>
Subject: RE: [cabfpub] CABLint


Tim – I’m transitioning into Peter’s role as maintainer of the cablint maintained under awslabs. Do you have concerns or suggestions for changes?

Doug, if you aren’t sure how zlint and cablint stack up, what is the recommendation to use zlint based on?

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Doug Beattie via Public
Sent: Friday, April 13, 2018 1:28 PM
To: Ryan Sleevi <sleevi at google.com<mailto:sleevi at google.com>>; CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>; Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>
Subject: Re: [cabfpub] CABLint

We’ve shifted our efforts towards zlint and away from the GlobalSign certlint as our future validation tool.  I’m not sure how zlint and cablint stack up with each other but having 2 open source projects is going to be extra work to maintain and keep current.  I’d recommend zlint for those that can use it.

Dug

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Friday, April 13, 2018 3:57 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>; CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>
Subject: Re: [cabfpub] CABLint

There's been several duplicate names

Are you talking about the 'cablint' portion of the AWSLabs certlint - https://github.com/awslabs/certlint ? That is what is referred to as 'cablint' on crt.sh

Not to be confused with the GlobalSign certlint ( https://github.com/globalsign/certlint )

On Fri, Apr 13, 2018 at 3:38 PM, Tim Hollebeek via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:

Who is maintaining CABLint these days?  And where?

-Tim


_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public

_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180531/1529cad4/attachment-0001.html>


More information about the Public mailing list