lint_single_email_if_present.go Checks SANs instead of Subject #795
Comments
|
You're right about the reference, it should be 7.1.4.2.2.h. You're also right that the target of the current check is the SANs and not the subject as specified in the BR. I can work on a patch for that. Please note that the referenced requirement does not state that only one Subject EmailAddress field is allowed in a compliant certificate, but that each Subject EmailAddress field contains only a single email address. Currently this lint is technically wrong per reference but not practically wrong in implementation: each Subject EmailAddress must appear as a SAN in the certificate, and therefore each SAN EmailAddress should also only contain a single email address. |
* lint about the encoding of qcstatements for PSD2 * Revert "lint about the encoding of qcstatements for PSD2" This reverts commit 6c23670. * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC * always check and perform the operation in the execution * synchronised with project * synchronised with project * synchronised with project * synchronised with project * added same lint for subject values instead of SAN values * resolved conflict issue * addressed review comments and hint to citation from #795 --------- Co-authored-by: mtg <git@mtg.de> Co-authored-by: GitHub <noreply@github.com> Co-authored-by: Christopher Henderson <chris@chenderson.org> Co-authored-by: Zakir Durumeric <zakird@gmail.com>
* lint about the encoding of qcstatements for PSD2 * Revert "lint about the encoding of qcstatements for PSD2" This reverts commit 6c23670. * util: gtld_map autopull updates for 2021-10-21T07:25:20 UTC * always check and perform the operation in the execution * synchronised with project * synchronised with project * synchronised with project * synchronised with project * added same lint for subject values instead of SAN values * resolved conflict issue * addressed review comments and hint to citation from #795 * addressing issue #795 and review comments of PR #802 --------- Co-authored-by: mtg <git@mtg.de> Co-authored-by: GitHub <noreply@github.com> Co-authored-by: Christopher Henderson <chris@chenderson.org>
|
@jdkasten and @cardonator is the discussion in this issue covered by PR #808? If yes, this issue could be closed. |
I believe the lint
Name: "e_single_email_if_present",
Description: "If present, the subject:emailAddress SHALL contain a single Mailbox Address",
Citation: "7.1.4.2.h"
refers to this requirement which is specifically about the subject's relative distingished names rather than subject alternative names.
The lint's code iterates over c.EmailAddresses, which is the the subject alternative name email addresses and not those potentially contained in the subject [documentation]. There should only be one email address in the subject's distinguished name.
I also believe that the citation should be changed to
7.1.4.2.2.hrather than its current7.1.4.2.h.The text was updated successfully, but these errors were encountered: