github.com/letsencrypt/boulder@v0.20251208.0/linter/lints/rfc/lint_crl_has_issuer_name.go (about) 1 package rfc 2 3 import ( 4 "github.com/zmap/zcrypto/x509" 5 "github.com/zmap/zlint/v3/lint" 6 "github.com/zmap/zlint/v3/util" 7 ) 8 9 type crlHasIssuerName struct{} 10 11 /************************************************ 12 RFC 5280: 5.1.2.3 13 The issuer field MUST contain a non-empty X.500 distinguished name (DN). 14 15 This lint does not enforce that the issuer field complies with the rest of 16 the encoding rules of a certificate issuer name, because it (perhaps wrongly) 17 assumes that those were checked when the issuer was itself issued, and on all 18 certificates issued by this CRL issuer. 19 ************************************************/ 20 21 func init() { 22 lint.RegisterRevocationListLint(&lint.RevocationListLint{ 23 LintMetadata: lint.LintMetadata{ 24 Name: "e_crl_has_issuer_name", 25 Description: "The CRL Issuer field MUST contain a non-empty X.500 distinguished name", 26 Citation: "RFC 5280: 5.1.2.3", 27 Source: lint.RFC5280, 28 EffectiveDate: util.RFC5280Date, 29 }, 30 Lint: NewCrlHasIssuerName, 31 }) 32 } 33 34 func NewCrlHasIssuerName() lint.RevocationListLintInterface { 35 return &crlHasIssuerName{} 36 } 37 38 func (l *crlHasIssuerName) CheckApplies(c *x509.RevocationList) bool { 39 return true 40 } 41 42 func (l *crlHasIssuerName) Execute(c *x509.RevocationList) *lint.LintResult { 43 if len(c.Issuer.Names) == 0 { 44 return &lint.LintResult{ 45 Status: lint.Error, 46 Details: "The CRL Issuer field MUST contain a non-empty X.500 distinguished name", 47 } 48 } 49 return &lint.LintResult{Status: lint.Pass} 50 }