This repository has been archived by the owner on Jun 7, 2019. It is now read-only.

Merge pull request #20 from bryanpitcher/master
validity check changes
tadukurow authored Jan 5, 2019
2 parents d8aaa8c + d33269e commit 0d1cb40
Showing 2 changed files with 20 additions and 7 deletions.
24 changes: 18 additions & 6 deletions checks/certificate/validity/validity.go
Expand Up @@ -20,18 +20,30 @@ func Check(d *certdata.Data) *errors.Errors {

switch d.Type {
case "EV":
if d.Cert.NotBefore.After(d.Cert.NotBefore.AddDate(0, 27, 0)) {
e.Err("EV Certificate LifeTime exceeds 27 months")
return e
if d.Cert.NotBefore.After(time.Date(2017, 3, 17, 0, 0, 0, 0, time.UTC)) {
if d.Cert.NotAfter.After(d.Cert.NotBefore.AddDate(0, 0, 825)) {
e.Err("EV Certificate LifeTime exceeds 825 days")
return e
}
} else {
if d.Cert.NotAfter.After(d.Cert.NotBefore.AddDate(0, 27, 0)) {
e.Err("EV Certificate LifeTime exceeds 27 months")
return e
}
}
case "DV", "OV":
if d.Cert.NotBefore.After(time.Date(2015, 4, 1, 0, 0, 0, 0, time.UTC)) {
if d.Cert.NotBefore.After(d.Cert.NotBefore.AddDate(0, 39, 0)) {
if d.Cert.NotBefore.After(time.Date(2018, 3, 1, 0, 0, 0, 0, time.UTC)) {
if d.Cert.NotAfter.After(d.Cert.NotBefore.AddDate(0, 0, 825)) {
e.Err("Certificate LifeTime exceeds 825 days")
return e
}
} else if d.Cert.NotBefore.After(time.Date(2016, 7, 1, 0, 0, 0, 0, time.UTC)) {
if d.Cert.NotAfter.After(d.Cert.NotBefore.AddDate(0, 39, 0)) {
e.Err("Certificate LifeTime exceeds 39 months")
return e
}
} else {
if d.Cert.NotBefore.After(d.Cert.NotBefore.AddDate(0, 60, 0)) {
if d.Cert.NotAfter.After(d.Cert.NotBefore.AddDate(0, 60, 0)) {
e.Err("Certificate LifeTime exceeds 60 months")
return e
}
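Review bot: The lifetime comparisons written as `d.Cert.NotAfter.After(d.Cert.NotBefore.AddDate(...))` treat notAfter as exclusive, but RFC 5280 defines the validity period as notBefore through notAfter inclusive, so a certificate whose notAfter equals notBefore plus exactly 825 days (or 27, 39 or 60 months) is one second over the limit and still passes. For a linter it is safer to flag the boundary too, e.g. `if !d.Cert.NotAfter.Before(d.Cert.NotBefore.AddDate(0, 0, 825)) {`, applied to all five branches of the EV and DV/OV cases. The cutover tests such as `d.Cert.NotBefore.After(time.Date(2018, 3, 1, 0, 0, 0, 0, time.UTC))` switch at midnight UTC at the start of the named day rather than at its end, so each date would benefit from a short comment naming the requirement it comes from and whether that day itself is meant to be included. Check begins before this hunk and continues past it, and the +/- markers are lost on this page, so this note assumes the NotAfter lines are the new side.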
3 changes: 2 additions & 1 deletion testdata/evissues.pem.golden
@@ -1,8 +1,9 @@
Incomplete chain for VR IDENT EV SSL CA 2016 W1.DONNER.DE 68636c860bca0d94ab2be &{[] <nil> 0 {0 0}}
Processed Certificate Type: EV
Certificate Errors: 5
Certificate Errors: 6
Priority: Error, Message: Certificate contains no Authority Info Access Issuers
Priority: Error, Message: businessCategory is required for EV certificates
Priority: Error, Message: jurisdictionCountryName is required for EV certificates
Priority: Error, Message: serialNumber is required for EV certificates
Priority: Info, Message: commonName field is deprecated
Priority: Error, Message: EV Certificate LifeTime exceeds 27 months
