github.com/letsencrypt/boulder@v0.20251208.0/test/config-next/zlint.toml

github.com/letsencrypt/boulder@v0.20251208.0/test/config-next/zlint.toml (about)

     1  [e_pkimetal_lint_cabf_serverauth_cert]
     2  addr = "http://bpkimetal:8080"
     3  severity = "notice"
     4  timeout = 2000000000 # 2 seconds
     5  ignore_lints = [
     6    # We continue to include the Common Name in our "classic" profile, but have
     7    # removed it from our "tlsserver" and "shortlived" profiles.
     8    "pkilint:cabf.serverauth.dv.common_name_attribute_present",
     9    "zlint:w_subject_common_name_included",
    10    # We continue to include the SKID extension in our "classic" profile, but have
    11    # removed it from our "tlsserver" and "shortlived" profiles.
    12    "pkilint:cabf.serverauth.subscriber.subject_key_identifier_extension_present",
    13    "zlint:w_ext_subject_key_identifier_not_recommended_subscriber",
    14    # We continue to include the Key Encipherment Key Usage for RSA certificates
    15    # issued under the "classic" profile, but have removed it from our "tlsserver"
    16    # and "shortlived" profiles.
    17    "pkilint:cabf.serverauth.subscriber_rsa_digitalsignature_and_keyencipherment_present",
    18    # Some linters continue to complain about the lack of an AIA OCSP URI, even
    19    # when a CRLDP is present.
    20    "certlint:br_certificates_must_include_an_http_url_of_the_ocsp_responder",
    21    "x509lint:no_ocsp_over_http"
    22  ]
    23  
    24  [e_pkimetal_lint_cabf_serverauth_crl]
    25  addr = "http://bpkimetal:8080"
    26  severity = "notice"
    27  timeout = 2000000000 # 2 seconds
    28  ignore_lints = []