All notable changes to this project from version 0.9.3 onwards are documented in this file.
- Reformat codebase to use Black (#125)
- Fix typo in finding code for multiple TLS BR policy OIDs in Subscriber certificates (#122 - found by @robstradling)
- Add REST API endpoint for linting certificates with the PKIX linter (#119)
- Add support for Python 3.13 (#120)
- Add REST API for linting CRLs (#113 - implemented by @dipaktilekar)
- Add validator to flag HTML entities in subject attribute values (#116)
- Add --document-format CLI flag (#115)
- Remove duplicate registration of GeneralNameIpAddressSyntaxValidator in CRL linter (#103 - found by @zzzsz)
- Amend finding code for CRL reason code validator (#104 - found by @zzzsz)
- Remove duplicate registration of CRL validity period validator, fix positive validity period validator (#106 - found by @zzzsz)
- Use pyasn1-fasder for ASN.1 DER decoding by default (#98)
- Add support for S/MIME working group ballot SMC-08 (#101)
- NCP-w legal person and natural person final certificates are incorrectly detected as pre-certificates (#92 - fixed by @robstradling)
- Gracefully handle mis-encoded extensions and fields exposed as properties (#88)
- Add support for PEM-encoded OCSP responses (#86)
- Add validator to verify that the PSD2 policy OID is only asserted in PSD2 certificates (#87)
- Add validator to flag insignificant attribute values (#84)
- Perform case-sensitive match for ISO 3166-1 country codes (#83)
- Add support for linting ETSI website authentication certificates (#80)
- Add opt-in support for using pyasn1-fasder to decode DER (#81)
- Add support for SMIME BR ballot SMC-06 (#74)
- Flag invalid domain name length in GeneralName types (#78)
- Add support for TLS BR ballot SC-72 (#73). The effective date of this change is 2024-05-06.
- Clamp CLI exit codes (#76)
- Add REST API endpoints for linting OCSP responses (#62 - implemented by @mans-andersson)
- Handle malformed inputs given via the CLI more gracefully (#63 - fixed by @ralienpp)
- Pin validators package version to work around issue in latest version (#65)
- SC-68: Allow EL and XI as the country code for VAT registration scheme (#60)
- SaneValidityPeriodValidator incorrectly reports "pkix.invalid_time_syntax" for negative validity periods (#57)
- Decoder mapping for QcCompliance and QcSSCD statements incorrectly mapped to None (#58)
- Add detection of SKI calculation methods described in RFC 7093 to SubjectKeyIdentifierValidator (#56)
- HTTP 422 errors from REST API do not return a list of ValidationErrors in some cases (#54)
- cabf.smime.common_name_value_unknown_source finding is incorrectly reported when SmtpUtf8Mailbox SAN values appear in the subject CN (#52 - reported and fixed by @hablutzel1)
- PrintableStringConstraintValidator should flag invalid characters in tagged PrintableStrings (#48)
- Bump Docker image to Python 3.12 (#50)
- Stopping Docker container when executing external command results in immediate shutdown of container (#45)
- Publish Docker images (#43)
- Explicitly support Python 3.12 (#34)
- Add REST endpoint that returns the set of possible findings for a specific linter (#36)
- Surround document-sourced string values with double quotes in finding messages (#41)
- Suppress
ValueErrorstack trace whenlint_cabf_smime_certcan't determine certificate type (#37) OrganizationIdentifierCountryNameConsistentValidatorshould perform a case-insensitive country comparison (#38)- Change severity of
cabf.smime.email_address_in_attribute_not_in_sanfrom WARNING to ERROR (#39) - Decoding error when determining certificate type returns HTTP 500 (#40)