// Source: github.com/letsencrypt/boulder@v0.20251208.0/linter/lints/cpcps/lint_crl_has_no_aia.go

package cpcps

import (
	"github.com/zmap/zcrypto/encoding/asn1"
	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/v3/lint"

	"github.com/letsencrypt/boulder/linter/lints"
)

// crlHasNoAIA is a stateless CRL lint that reports any CRL carrying an
// Authority Information Access extension.
type crlHasNoAIA struct{}

/************************************************
RFC 5280: 5.2.7

The requirements around the Authority Information Access extension are
extensive. Therefore we do not include one, and this lint reports any CRL
that carries the extension.

(The original header also quoted the RFC 5280 nextUpdate requirement, which
this lint does not check.)
************************************************/

// init registers the lint in zlint's revocation-list lint registry, attributed
// to the Let's Encrypt CPS and effective from lints.CPSV33Date.
func init() {
	meta := lint.LintMetadata{
		Name:          "e_crl_has_no_aia",
		Description:   "Let's Encrypt does not include the CRL AIA extension",
		Citation:      "",
		Source:        lints.LetsEncryptCPS,
		EffectiveDate: lints.CPSV33Date,
	}
	lint.RegisterRevocationListLint(&lint.RevocationListLint{
		LintMetadata: meta,
		Lint:         NewCrlHasNoAIA,
	})
}

// NewCrlHasNoAIA returns a new crlHasNoAIA lint; it is the constructor handed
// to the registry in init.
func NewCrlHasNoAIA() lint.RevocationListLintInterface {
	return new(crlHasNoAIA)
}

// CheckApplies reports that the lint applies to every CRL; the argument is not
// inspected.
func (l *crlHasNoAIA) CheckApplies(c *x509.RevocationList) bool {
	return true
}

// Execute returns a Notice result when the CRL's extension list contains the
// id-pe-authorityInfoAccess OID (1.3.6.1.5.5.7.1.1), and Pass otherwise. Only
// the presence of the extension is tested; its contents are never parsed, so
// the "url" wording in Details does not mean a URL was actually found.
//
// NOTE(review): the registered name uses the "e_" (error) prefix while the
// finding is reported as lint.Notice. Whether a Notice fails the CRL depends
// on how the caller processes the result set; confirm that it is treated as a
// failure there, otherwise a CRL with an unexpected AIA extension would pass.
func (l *crlHasNoAIA) Execute(c *x509.RevocationList) *lint.LintResult {
	// id-pe-authorityInfoAccess
	aia := asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}
	if lints.GetExtWithOID(c.Extensions, aia) == nil {
		return &lint.LintResult{Status: lint.Pass}
	}
	return &lint.LintResult{
		Status:  lint.Notice,
		Details: "CRL has an Authority Information Access url",
	}
}