Skip to content

Commit

Permalink
Allow "EL" and "XI" country codes in VAT OrgIds for TLS BR
Browse files Browse the repository at this point in the history
  • Loading branch information
CBonnell committed Feb 6, 2024
1 parent c5c95ba commit 39d977c
Show file tree
Hide file tree
Showing 7 changed files with 191 additions and 6 deletions.
2 changes: 1 addition & 1 deletion VERSION.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.9.9
0.9.10
20 changes: 17 additions & 3 deletions pkilint/cabf/cabf_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,14 @@ class OrganizationIdentifierAttributeValidator(validation.TypeMatchingValidator)
'cabf.invalid_subject_organization_identifier_state_province_format'
)

def __init__(self, relax_stateprovince_syntax=False, additional_schemes: typing.Optional[
typing.Mapping[str, cabf_constants.RegistrationSchemeNamingConvention]] = None):
_ISO3166_AND_ARTICLE_215_COUNTRY_CODES = set(countries_by_alpha2.keys()) | {'EL', 'XI'}

def __init__(
self,
relax_stateprovince_syntax=False,
additional_schemes: typing.Optional[
typing.Mapping[str, cabf_constants.RegistrationSchemeNamingConvention]] = None
):
super().__init__(type_oid=x520_name.id_at_organizationIdentifier,
type_path='type', value_path='value.x520OrganizationIdentifier',
pdu_class=rfc5280.AttributeTypeAndValue,
Expand Down Expand Up @@ -148,7 +154,15 @@ def validate_with_value(self, node, choice_node):
elif scheme_info.country_identifier_type == cabf_constants.RegistrationSchemeCountryIdentifierType.XG:
valid_country_code = (country_code == 'XG')
elif scheme_info.country_identifier_type == cabf_constants.RegistrationSchemeCountryIdentifierType.ISO3166:
valid_country_code = (country_code in countries_by_alpha2)
# HACK: this comparison with "_relax_stateprovince_syntax" is a hack to differentiate between SMBR and
# TLSBR validators. The EVGs don't allow the relaxed state/province syntax, so we can use that to
# determine whether to allow the "EL" and "XI" country codes permitted by the amended Article 215 of
# Council Directive 2006/112/EC. This is dirty, but this logic is getting replaced by the (much
# improved) OrgId validation logic when the QWAC linter is released in a few months
if m['scheme'] == 'VAT' and not self._relax_stateprovince_syntax:
valid_country_code = (country_code in self._ISO3166_AND_ARTICLE_215_COUNTRY_CODES)
else:
valid_country_code = (country_code in countries_by_alpha2)
else:
raise ValueError(f'Unknown country identifier type for scheme "{m["scheme"]}": '
f'{scheme_info.country_identifier_type}')
Expand Down
2 changes: 1 addition & 1 deletion pkilint/cabf/serverauth/serverauth_constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

from pyasn1.type.univ import ObjectIdentifier

BR_VERSION = '2.0.0'
BR_VERSION = '2.0.3'


ID_POLICY_EV = ObjectIdentifier('2.23.140.1.1')
Expand Down
7 changes: 6 additions & 1 deletion pkilint/cabf/serverauth/serverauth_subscriber.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ class CABFOrganizationIdentifierExtensionValidator(validation.Validator):
'cabf.serverauth.organization_identifier_ext_invalid_state_province_for_scheme'
)

_ISO3166_AND_ARTICLE_215_COUNTRY_CODES = set(countries_by_alpha2.keys()) | {'EL', 'XI'}

def __init__(self):
super().__init__(
pdu_class=ev_guidelines.CABFOrganizationIdentifier,
Expand Down Expand Up @@ -63,7 +65,10 @@ def validate(self, node):
elif scheme_info.country_identifier_type == cabf_constants.RegistrationSchemeCountryIdentifierType.XG:
valid_country_code = (country == 'XG')
elif scheme_info.country_identifier_type == cabf_constants.RegistrationSchemeCountryIdentifierType.ISO3166:
valid_country_code = country in countries_by_alpha2
if scheme == 'VAT':
valid_country_code = (country in self._ISO3166_AND_ARTICLE_215_COUNTRY_CODES)
else:
valid_country_code = country in countries_by_alpha2
else:
raise ValueError(f'Unknown country identifier type for scheme "{scheme}": '
f'{scheme_info.country_identifier_type}')
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----
MIIGSTCCBDGgAwIBAgIUT0nGRo909AMp7EmYVoILmgwKMsQwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoMFkZvbyBJbmR1c3RyaWVzIExpbWl0
ZWQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTAeFw0yMzA0MjgwMDAwMDBaFw0y
MzA3MjcyMzU5NTlaMF4xEjAQBgNVBGETCVZBVEVMLTEyMzEeMBwGA1UEChMVQWNt
ZSBJbmR1c3RyaWVzLCBMdGQuMSgwJgYJKoZIhvcNAQkBFhloYW5ha28ueWFtYWRh
QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPno
GUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqsotWxQYLEYzNEx5ZSHTGyp
ibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE89FU1nZQF15oVLOpUgA7
wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNUl86BU02vlBiESxOuox+d
WmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9sB6iDjj70HFldzOQ9r8SR
I+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P593VVJvnzOjaA1z6Cz+4+e
RvcysqhrRgFlwI9TEwIDAQABo4ICEzCCAg8wDAYDVR0TAQH/BAIwADAOBgNVHQ8B
Af8EBAMCB4AwHwYDVR0jBBgwFoAU1kQAMnyoDf+sT2tm7rWumyzFOFQwHQYDVR0O
BBYEFIkZWV4O8Wn1y71H4TT84pjMaTCRMBQGA1UdIAQNMAswCQYHZ4EMAQUCAjA9
BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLmNhLmV4YW1wbGUuY29tL2lzc3Vp
bmdfY2FfY3JsLmNybDBLBggrBgEFBQcBAQQ/MD0wOwYIKwYBBQUHMAKGL2h0dHA6
Ly9yZXBvc2l0b3J5LmNhLmV4YW1wbGUuY29tL2lzc3VpbmdfY2EuZGVyMB0GA1Ud
JQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjCByAYDVR0RBIHAMIG9gRloYW5ha28u
eWFtYWRhQGV4YW1wbGUuY29toCkGCisGAQQBgjcUAgOgGwwZaGFuYWtvLnlhbWFk
YUBleGFtcGxlLmNvbaAmBggrBgEFBQcICaAaDBjlsbHnlLDoirHlrZBAZXhhbXBs
ZS5jb22kTTBLMSMwIQYDVQRhExpMRUlYRy1BRVlFMDBFS1hFU1ZaVVVFQlA2NzEk
MCIGA1UECgwb44Ki44Kv44Of5bel5qWt5qCq5byP5Lya56S+MCMGCSsGAQQBg5gq
AQQWExRBRVlFMDBFS1hFU1ZaVVVFQlA2NzANBgkqhkiG9w0BAQsFAAOCAgEAALJ+
FR219frGJUfrL8xWFfRuFCnLdyzM78Ey0qJqZES199XlYozXhMzCUKYN/zbmery9
0uWNyuJtYGJYl0lhfzBxMmMHk88gCDkLyj8h4a+r2NiQsiN2bXXp1t5CStQeoalj
ZL9r2IIERGB+MigR1Rz7g1ECvVo7+llr3/EwqV9aa88OtnmQoroSlk86hTGjdEUu
ixhR2T+/VMEpdlxmimg88E8afa05yc+GBGnxhyk2zk+nbusC1TrEnMsF2zIaMGlH
jMP/v3Gsl1VucFutU06xhItWmWYcHeVr0wLO/gMDdSbIUgsxobvWynh52D4D1gJs
Hpnelc5EyGCxhLp7X9tjIy7pSXQAA9fy63cdSk6xbpYtlCU/S0PGm+gMMKAydAun
L2WgqEwpFB0TwuE+obw3jJI2eO15YFJU5qEt5eNM2H7KzO0R5lZE0wnbmhgggYGr
c6SFsVzgCocwHOtG9hETci6imtbQ8XoiY86KLUaxYcR4ilXoFj3yhKy8qP7LHdg+
sI3/2sIVkoohmnIEidKmO4lhGqavh8bSVLy00PiebItEVoD4hgMtrcl3c8yM7C/c
pXtmlRvk49RnJJiSPnSS+34I2DKmhS7ZCqHRPyUdE6ebULW+ZCNc3vG4yleapzJQ
iFdUbWgLm8XfBNHSAWs3NvdzV/MqQUERWI3VEdQ=
-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence.0.0,OrganizationIdentifierAttributeValidator,ERROR,cabf.invalid_subject_organization_identifier_country,"Invalid country code for scheme ""VAT"": ""EL"""
certificate.tbsCertificate.extensions.3.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
-----BEGIN CERTIFICATE-----
MIIJhjCCB26gAwIBAgIQcK2Vs8415AzSapDFAmsllDANBgkqhkiG9w0BAQsFADCB
wTELMAkGA1UEBhMCR1IxDzANBgNVBAcMBkF0aGVuczErMCkGA1UECgwiR3JlZWsg
VW5pdmVyc2l0aWVzIE5ldHdvcmsgKEdVbmV0KTEYMBYGA1UEYQwPVkFUR1ItMDk5
MDI4MjIwMTcwNQYDVQQLDC5IZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2gg
SW5zdGl0dXRpb25zIENBMSEwHwYDVQQDDBhIQVJJQ0EgUVdBQyBSU0EgU3ViQ0Eg
UjEwHhcNMjIxMTI0MTAwNjM3WhcNMjMxMjI2MTAwNjE5WjCB9TELMAkGA1UEBhMC
R1IxDzANBgNVBAcMBkF0aGVuczEjMCEGA1UECgwaR3JlZWsgVW5pdmVyc2l0aWVz
IE5ldHdvcmsxGDAWBgNVBGEMD05UUkVMLTA5OTAyODIyMDEYMBYGA1UEBRMPMTMz
OTIvMjgtOS0yMDAwMRYwFAYDVQQDDA13d3cuaGFyaWNhLmdyMR0wGwYDVQQPDBRQ
cml2YXRlIE9yZ2FuaXphdGlvbjEXMBUGCysGAQQBgjc8AgEBDAZBdGhlbnMxFzAV
BgsrBgEEAYI3PAIBAgwGQXR0aWNhMRMwEQYLKwYBBAGCNzwCAQMTAkdSMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wgeqDa+A4QIOrtYkcn18Pv5VVXc
7z2s5O8YlUY8bfzDowehM+X5vCiq0OwUzNnagxDUyAcMNvAaeEcngO6Zca46dmpQ
PaKNYqVVHU1EQXunxFfYze2dvAwg0I12pGQ0hUqQzzgcg3FJ0IeVdB/KeRbiervu
rwgu5oO71ukF2jLM/jiq0rAwYWXBi8G7oEO9HrDP/1B4NXVqU/00ctEcfOjqYx6K
ZqAi7qgS9fIPuaOj1CFuk3zi3jjEiBxv7rOWKGeqA3vXcaO9Qe+a09APdvZxbOsn
crmmpVosEYal2DwzzCorvLY1zpQismHTK8htO8/NMHYxJv6FQNOLTFJIwwIDAQAB
o4IEQjCCBD4wHwYDVR0jBBgwFoAUSDLHqH5iSp4FAN7Ol/pTG+CjTPwwcAYIKwYB
BQUHAQEEZDBiMD0GCCsGAQUFBzAChjFodHRwOi8vcmVwby5oYXJpY2EuZ3IvY2Vy
dHMvSGFyaWNhUVdBQ1N1YkNBUjEuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2Nz
cC5oYXJpY2EuZ3IwPQYDVR0RBDYwNIINd3d3LmhhcmljYS5ncoIJaGFyaWNhLmdy
gg13d3cuaGFyaWNhLmV1ggloYXJpY2EuZXUwYQYDVR0gBFowWDAHBgVngQwBATAJ
BgcEAIvsQAEEMEIGDCsGAQQBgc8RAQEBBTAyMDAGCCsGAQUFBwIBFiRodHRwczov
L3JlcG8uaGFyaWNhLmdyL2RvY3VtZW50cy9DUFMwHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMBMIHWBggrBgEFBQcBAwSByTCBxjAVBggrBgEFBQcLAjAJBgcE
AIvsSQECMAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAzCBjQYGBACORgEF
MIGCMD8WOWh0dHBzOi8vcmVwby5oYXJpY2EuZ3IvZG9jdW1lbnRzL1F1YWxpZmll
ZExlZ2FsUERTLUVOLnBkZhMCZW4wPxY5aHR0cHM6Ly9yZXBvLmhhcmljYS5nci9k
b2N1bWVudHMvUXVhbGlmaWVkTGVnYWxQRFMtRUwucGRmEwJlbDAfBgVngQwDAQQW
MBQTA05UUhMCRUwMCTA5OTAyODIyMDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v
Y3JsLmhhcmljYS5nci9IYXJpY2FRV0FDU3ViQ0FSMS5jcmwwHQYDVR0OBBYEFGq8
9pLNjYE4iUWT5w2NJF0RYaVIMA4GA1UdDwEB/wQEAwIFoDCCAYAGCisGAQQB1nkC
BAIEggFwBIIBbAFqAHYArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooA
AAGEqSO8NQAABAMARzBFAiAGm1yqRqcofGHJqUA9JNh50J2hE3GIY3HnGdsAF+Up
RwIhALG58OWVBbDTNUhqA0nJzDJXXGrqdVAiMOeH3JN3TzPRAHcAb1N2rDHwMRnY
mQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAGEqSO81wAABAMASDBGAiEAtmYL7A6l
rNjnTRReHuw6EXyuHSorxt46C6T1GnC4OfsCIQDEP6wQkuZBPmYZMlSf9ghqwFEz
XaMkPiIhDkZ/nSd2SQB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutS
AAABhKkjvG0AAAQDAEgwRgIhAJdbfRRzlYOjsYH/QvNQPhxGX4w1Vj11hmcUy2Vy
Y0DmAiEA5ngwHaGHHnpt1bLU/d+Izr4tNgwSH5HhDOAvaZcR2aMwDQYJKoZIhvcN
AQELBQADggIBABWJGHjgwYhITbNid039xuQNdPPEjaP6dv+b2nzbxL66KZz2NejU
Idyey8Cd6YHwiq+9Xlvn/06u8JYe+hn23E5FaVJXkmf0FagFgKNF2dHWNVrn9I6L
/xWKpuOUQ473iXX2FnyFMkE6rTA4GGDvy8YQdhaVWXKkBeOKwgVgy/X5+cxuWuiX
XaD/EEu72CR2qMhO2nd9HK+g+IVR+stBQnmzPvPLFKryVqpeO5N1EMCOEqhgavNQ
KIn36V1WJ0VYcXstgZIm3uDYql/KaFZxDT2cCnsaJK1IV/jCVlq+87ANG/Cf7tAQ
Z1caPtInO59nqVSfN4XOvwddT2WiEnzfGhX3EBVdV0QSN2UA8ppzjx3V02BSOjGT
CBVQMbfS+Bdof250I3Vrp+8EbY48y0x+K3eHuBT+01ak1za0T2rxfvhFCgIZ1S/h
CJ/yvz1stk2UrfuPchRudSuhPkFwcEtCg7uYetAVt+yAFHaFmH6xywAnRxwvvf7D
RGbEa8ONm+pgjJYGyd51+LdyzMj46gsEIpuoOztz7xES9RDNtO1D8BStq+kdlpM2
PYROMJzfvTcMYjsh0UwyRXgiUoSZmn25qRAjuCVWNPzKyK+IdNoRwsrBTVUsYMrQ
JDnDZXVvIY2ad6X9iQdpLTAWND6QPpmIEEg9RDIMUoq6z8qSwMnCXUS0
-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3
certificate.tbsCertificate.extensions.9.extnValue.keyUsage,SubscriberKeyUsageValidator,WARNING,cabf.serverauth.subscriber_rsa_digitalsignature_and_keyencipherment_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.subject_key_identifier_extension_present,
certificate.tbsCertificate.extensions.8.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.2.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,
certificate.tbsCertificate.extensions.6.extnValue.cABFOrganizationIdentifier,CABFOrganizationIdentifierExtensionValidator,ERROR,cabf.serverauth.organization_identifier_ext_invalid_country,"Invalid country code for scheme ""NTR"": ""EL"""
certificate.tbsCertificate.subject.rdnSequence.3.0,OrganizationIdentifierAttributeValidator,ERROR,cabf.invalid_subject_organization_identifier_country,"Invalid country code for scheme ""NTR"": ""EL"""
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
-----BEGIN CERTIFICATE-----
MIIJhjCCB26gAwIBAgIQcK2Vs8415AzSapDFAmsllDANBgkqhkiG9w0BAQsFADCB
wTELMAkGA1UEBhMCR1IxDzANBgNVBAcMBkF0aGVuczErMCkGA1UECgwiR3JlZWsg
VW5pdmVyc2l0aWVzIE5ldHdvcmsgKEdVbmV0KTEYMBYGA1UEYQwPVkFUR1ItMDk5
MDI4MjIwMTcwNQYDVQQLDC5IZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2gg
SW5zdGl0dXRpb25zIENBMSEwHwYDVQQDDBhIQVJJQ0EgUVdBQyBSU0EgU3ViQ0Eg
UjEwHhcNMjIxMTI0MTAwNjM3WhcNMjMxMjI2MTAwNjE5WjCB9TELMAkGA1UEBhMC
R1IxDzANBgNVBAcMBkF0aGVuczEjMCEGA1UECgwaR3JlZWsgVW5pdmVyc2l0aWVz
IE5ldHdvcmsxGDAWBgNVBGEMD1ZBVEVMLTA5OTAyODIyMDEYMBYGA1UEBRMPMTMz
OTIvMjgtOS0yMDAwMRYwFAYDVQQDDA13d3cuaGFyaWNhLmdyMR0wGwYDVQQPDBRQ
cml2YXRlIE9yZ2FuaXphdGlvbjEXMBUGCysGAQQBgjc8AgEBDAZBdGhlbnMxFzAV
BgsrBgEEAYI3PAIBAgwGQXR0aWNhMRMwEQYLKwYBBAGCNzwCAQMTAkdSMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wgeqDa+A4QIOrtYkcn18Pv5VVXc
7z2s5O8YlUY8bfzDowehM+X5vCiq0OwUzNnagxDUyAcMNvAaeEcngO6Zca46dmpQ
PaKNYqVVHU1EQXunxFfYze2dvAwg0I12pGQ0hUqQzzgcg3FJ0IeVdB/KeRbiervu
rwgu5oO71ukF2jLM/jiq0rAwYWXBi8G7oEO9HrDP/1B4NXVqU/00ctEcfOjqYx6K
ZqAi7qgS9fIPuaOj1CFuk3zi3jjEiBxv7rOWKGeqA3vXcaO9Qe+a09APdvZxbOsn
crmmpVosEYal2DwzzCorvLY1zpQismHTK8htO8/NMHYxJv6FQNOLTFJIwwIDAQAB
o4IEQjCCBD4wHwYDVR0jBBgwFoAUSDLHqH5iSp4FAN7Ol/pTG+CjTPwwcAYIKwYB
BQUHAQEEZDBiMD0GCCsGAQUFBzAChjFodHRwOi8vcmVwby5oYXJpY2EuZ3IvY2Vy
dHMvSGFyaWNhUVdBQ1N1YkNBUjEuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2Nz
cC5oYXJpY2EuZ3IwPQYDVR0RBDYwNIINd3d3LmhhcmljYS5ncoIJaGFyaWNhLmdy
gg13d3cuaGFyaWNhLmV1ggloYXJpY2EuZXUwYQYDVR0gBFowWDAHBgVngQwBATAJ
BgcEAIvsQAEEMEIGDCsGAQQBgc8RAQEBBTAyMDAGCCsGAQUFBwIBFiRodHRwczov
L3JlcG8uaGFyaWNhLmdyL2RvY3VtZW50cy9DUFMwHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMBMIHWBggrBgEFBQcBAwSByTCBxjAVBggrBgEFBQcLAjAJBgcE
AIvsSQECMAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGAzCBjQYGBACORgEF
MIGCMD8WOWh0dHBzOi8vcmVwby5oYXJpY2EuZ3IvZG9jdW1lbnRzL1F1YWxpZmll
ZExlZ2FsUERTLUVOLnBkZhMCZW4wPxY5aHR0cHM6Ly9yZXBvLmhhcmljYS5nci9k
b2N1bWVudHMvUXVhbGlmaWVkTGVnYWxQRFMtRUwucGRmEwJlbDAfBgVngQwDAQQW
MBQTA1ZBVBMCRUwMCTA5OTAyODIyMDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v
Y3JsLmhhcmljYS5nci9IYXJpY2FRV0FDU3ViQ0FSMS5jcmwwHQYDVR0OBBYEFGq8
9pLNjYE4iUWT5w2NJF0RYaVIMA4GA1UdDwEB/wQEAwIFoDCCAYAGCisGAQQB1nkC
BAIEggFwBIIBbAFqAHYArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooA
AAGEqSO8NQAABAMARzBFAiAGm1yqRqcofGHJqUA9JNh50J2hE3GIY3HnGdsAF+Up
RwIhALG58OWVBbDTNUhqA0nJzDJXXGrqdVAiMOeH3JN3TzPRAHcAb1N2rDHwMRnY
mQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAGEqSO81wAABAMASDBGAiEAtmYL7A6l
rNjnTRReHuw6EXyuHSorxt46C6T1GnC4OfsCIQDEP6wQkuZBPmYZMlSf9ghqwFEz
XaMkPiIhDkZ/nSd2SQB3AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutS
AAABhKkjvG0AAAQDAEgwRgIhAJdbfRRzlYOjsYH/QvNQPhxGX4w1Vj11hmcUy2Vy
Y0DmAiEA5ngwHaGHHnpt1bLU/d+Izr4tNgwSH5HhDOAvaZcR2aMwDQYJKoZIhvcN
AQELBQADggIBABWJGHjgwYhITbNid039xuQNdPPEjaP6dv+b2nzbxL66KZz2NejU
Idyey8Cd6YHwiq+9Xlvn/06u8JYe+hn23E5FaVJXkmf0FagFgKNF2dHWNVrn9I6L
/xWKpuOUQ473iXX2FnyFMkE6rTA4GGDvy8YQdhaVWXKkBeOKwgVgy/X5+cxuWuiX
XaD/EEu72CR2qMhO2nd9HK+g+IVR+stBQnmzPvPLFKryVqpeO5N1EMCOEqhgavNQ
KIn36V1WJ0VYcXstgZIm3uDYql/KaFZxDT2cCnsaJK1IV/jCVlq+87ANG/Cf7tAQ
Z1caPtInO59nqVSfN4XOvwddT2WiEnzfGhX3EBVdV0QSN2UA8ppzjx3V02BSOjGT
CBVQMbfS+Bdof250I3Vrp+8EbY48y0x+K3eHuBT+01ak1za0T2rxfvhFCgIZ1S/h
CJ/yvz1stk2UrfuPchRudSuhPkFwcEtCg7uYetAVt+yAFHaFmH6xywAnRxwvvf7D
RGbEa8ONm+pgjJYGyd51+LdyzMj46gsEIpuoOztz7xES9RDNtO1D8BStq+kdlpM2
PYROMJzfvTcMYjsh0UwyRXgiUoSZmn25qRAjuCVWNPzKyK+IdNoRwsrBTVUsYMrQ
JDnDZXVvIY2ad6X9iQdpLTAWND6QPpmIEEg9RDIMUoq6z8qSwMnCXUS0
-----END CERTIFICATE-----

node_path,validator,severity,code,message
certificate.tbsCertificate.subject.rdnSequence,EvSubscriberAttributeAllowanceValidator,WARNING,cabf.ev_guidelines.common_name_attribute_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 2.23.140.3.1
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.unknown_extension_present,Unknown extension present: 1.3.6.1.5.5.7.1.3
certificate.tbsCertificate.extensions.9.extnValue.keyUsage,SubscriberKeyUsageValidator,WARNING,cabf.serverauth.subscriber_rsa_digitalsignature_and_keyencipherment_present,
certificate.tbsCertificate.extensions,SubscriberExtensionAllowanceValidator,WARNING,cabf.serverauth.subscriber.subject_key_identifier_extension_present,
certificate.tbsCertificate.extensions.8.extnValue.subjectKeyIdentifier,SubjectKeyIdentifierValidator,INFO,pkix.subject_key_identifier_method_1_identified,
certificate.tbsCertificate.extensions.3.extnValue.certificatePolicies.2.policyQualifiers.0,CertificatePolicyQualifierValidator,WARNING,cabf.serverauth.certificate_policy_qualifier_present,

0 comments on commit 39d977c

Please sign in to comment.