Fix old lint checking that an OCSP URL is present in TLS Server certi…

…ficates: add ineffective date (#871) * Add files via upload * Add files via upload * Add files via upload * Add files via upload * Update lint_invalid_subject_rdn_order_test.go Added //nolint:all to comment block to avoid golangci-lint to complain about duplicate words in comment * Update lint_invalid_subject_rdn_order.go Fixed import block * Update v3/lints/cabf_br/lint_invalid_subject_rdn_order.go Fine to me. Co-authored-by: Christopher Henderson <chris@chenderson.org> * Update lint_invalid_subject_rdn_order.go As per Chris Henderson's suggestion, to "improve readability". * Update lint_invalid_subject_rdn_order_test.go As per Chris Henderson's suggestion. * Update time.go Added CABFEV_Sec9_2_8_Date * Add files via upload * Add files via upload * Revised according to Chris and Corey suggestions * Add files via upload * Add files via upload * Delete v3/lints/cabf_br/lint_e_invalid_cps_uri.go * Delete v3/lints/cabf_br/lint_e_invalid_cps_uri_test.go * Delete v3/testdata/invalid_cps_uri_ko_01.pem * Delete v3/testdata/invalid_cps_uri_ko_02.pem * Delete v3/testdata/invalid_cps_uri_ko_03.pem * Delete v3/testdata/invalid_cps_uri_ok_01.pem * Delete v3/testdata/invalid_cps_uri_ok_02.pem * Delete v3/testdata/invalid_cps_uri_ok_03.pem * Add files via upload * Update lint_sub_cert_aia_does_not_contain_ocsp_url_test.go --------- Co-authored-by: Christopher Henderson <chris@chenderson.org>
zmap · Aug 11, 2024 · 8eb670f · 8eb670f
1 parent 2e67fb9
commit 8eb670f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/v3/lints/cabf_br/lint_sub_cert_aia_does_not_contain_ocsp_url.go b/v3/lints/cabf_br/lint_sub_cert_aia_does_not_contain_ocsp_url.go
@@ -36,11 +36,12 @@ It SHOULD also contain the HTTP URL of the Issuing CA’s certificate (accessMet
 func init() {
 	lint.RegisterCertificateLint(&lint.CertificateLint{
 		LintMetadata: lint.LintMetadata{
-			Name:          "e_sub_cert_aia_does_not_contain_ocsp_url",
-			Description:   "Subscriber Certificate: authorityInformationAccess MUST contain the HTTP URL of the Issuing CA's OCSP responder.",
-			Citation:      "BRs: 7.1.2.3",
-			Source:        lint.CABFBaselineRequirements,
-			EffectiveDate: util.CABEffectiveDate,
+			Name:            "e_sub_cert_aia_does_not_contain_ocsp_url",
+			Description:     "Subscriber Certificate: authorityInformationAccess MUST contain the HTTP URL of the Issuing CA's OSCP responder.",
+			Citation:        "BRs: 7.1.2.3",
+			Source:          lint.CABFBaselineRequirements,
+			EffectiveDate:   util.CABEffectiveDate,
+			IneffectiveDate: util.CABFBRs_2_0_0_Date,
 		},
 		Lint: NewSubCertOcspUrl,
 	})

diff --git a/v3/lints/cabf_br/lint_sub_cert_aia_does_not_contain_ocsp_url_test.go b/v3/lints/cabf_br/lint_sub_cert_aia_does_not_contain_ocsp_url_test.go
@@ -40,7 +40,7 @@ func TestSubCertHasIssuerOcsp(t *testing.T) {
 }
 func TestSubCertHasIssuerOcspWithHTTPAndLDAP(t *testing.T) {
 	inputPath := "aiaOCSPOneHTTPOneLDAP.pem"
-	expected := lint.Pass
+	expected := lint.NE
 	out := test.TestLint("e_sub_cert_aia_does_not_contain_ocsp_url", inputPath)
 	if out.Status != expected {
 		t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)