From bf3764c2b225b5942bea7e96de3d429e1a4cb093 Mon Sep 17 00:00:00 2001
From: Phil Porada
Date: Sun, 9 Jun 2024 13:21:44 -0400
Subject: [PATCH 1/3] Cleanup some unnecessary allocations (#849)
Co-authored-by: Christopher Henderson
---
 .../lint_crl_revoked_certificates_field_empty.go | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go b/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go
index 3fe809bb4..4ab576d37 100644
--- a/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go
+++ b/v3/lints/rfc/lint_crl_revoked_certificates_field_empty.go
@@ -64,23 +64,14 @@ func (l *revokedCertificates) Execute(c *x509.RevocationList) *lint.LintResult {
 // or confirmed to be missing from the ASN.1 data structure.
 input := cryptobyte.String(c.Raw)
- // From crypto/x509/parser.go: we read the SEQUENCE including length and tag
- // bytes so that we can populate RevocationList.Raw, before unwrapping the
- // SEQUENCE so it can be operated on
- if !input.ReadASN1Element(&input, cryptobyte_asn1.SEQUENCE) {
- return &lint.LintResult{Status: lint.Fatal, Details: "malformed CRL"}
- }
+ // Extract the CertificateList
 if !input.ReadASN1(&input, cryptobyte_asn1.SEQUENCE) {
 return &lint.LintResult{Status: lint.Fatal, Details: "malformed CRL"}
 }
 var tbs cryptobyte.String
- // From crypto/x509/parser.go: do the same trick again as above to extract
- // the raw bytes for Certificate.RawTBSCertificate
- if !input.ReadASN1Element(&tbs, cryptobyte_asn1.SEQUENCE) {
- return &lint.LintResult{Status: lint.Fatal, Details: "malformed TBS CRL"}
- }
- if !tbs.ReadASN1(&tbs, cryptobyte_asn1.SEQUENCE) {
+ // Extract the TBSCertList from the CertificateList
+ if !input.ReadASN1(&tbs, cryptobyte_asn1.SEQUENCE) {
 return &lint.LintResult{Status: lint.Fatal, Details: "malformed TBS CRL"}
 }
From b14a83bb192056a51b26cb9d66370fa7d978f373 Mon Sep 17 00:00:00 2001
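Review bot: In `Execute` of lint_crl_revoked_certificates_field_empty.go, the new comment `// Extract the CertificateList` no longer explains that `input` is passed as both receiver and output of `ReadASN1`, so after the call it holds only the contents of the outer SEQUENCE rather than the whole CRL. The removed comments were the only explanation of that in-place pattern, so I would write `// Unwrap the outer CertificateList SEQUENCE in place: input is both receiver and output and afterwards holds only its contents.` Likewise the second comment could say that reading into `tbs` leaves `input` holding whatever follows the TBSCertList. Execute starts before and continues after this hunk, so whether later code relies on either state is not visible here.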
From: Martijn Katerbarg
Date: Sun, 9 Jun 2024 19:30:35 +0200
Subject: [PATCH 2/3] fix: Only apply CN check for Subscriber certificates (#851)
Co-authored-by: Christopher Henderson
---
 v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go
index d622f7466..b68a66d63 100644
--- a/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go
+++ b/v3/lints/cabf_smime_br/lint_commonname_mailbox_validated.go
@@ -40,7 +40,7 @@ func NewCommonNameMailboxValidated() lint.LintInterface {
 }
 func (l *commonNameMailboxValidated) CheckApplies(c *x509.Certificate) bool {
- return util.IsMailboxValidatedCertificate(c)
+ return util.IsMailboxValidatedCertificate(c) && util.IsSubscriberCert(c)
 }
 func (l *commonNameMailboxValidated) Execute(c *x509.Certificate) *lint.LintResult {
From ae8d59405f1926eb418d496cd0415b8a4fa88e04 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 12 Jun 2024 23:52:44 -0400
Subject: [PATCH 3/3] util: gtld_map autopull updates for 2024-06-12T22:19:30 UTC (#854)
Co-authored-by: GitHub
---
 v3/util/gtld_map.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/v3/util/gtld_map.go b/v3/util/gtld_map.go
index 0dc054549..42be89385 100644
--- a/v3/util/gtld_map.go
+++ b/v3/util/gtld_map.go
@@ -4416,7 +4416,7 @@ var tldMap = map[string]GTLDPeriod{
 "natura": {
 GTLD: "natura",
 DelegationDate: "2016-02-11",
- RemovalDate: "",
+ RemovalDate: "2024-06-12",
 },
 "navy": {
 GTLD: "navy",
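Review bot: The narrowed `CheckApplies` in lint_commonname_mailbox_validated.go (PATCH 2/3) has no comment saying why non-subscriber certificates are now excluded, and this hunk does not show how `util.IsSubscriberCert` makes that decision. Any certificate it classifies as non-subscriber is skipped by this lint entirely, so the reasoning belongs next to the condition, for example `// The commonName rule covers Subscriber certificates only; CA certificates asserting a mailbox-validated policy are out of scope.` The diffstat shows a single changed file, so a test certificate for the newly excluded case appears to be missing from this commit.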