Improve the util.IsServerAuthCert() function (#856)

* Add files via upload * Add files via upload * Add files via upload * Add files via upload * Update lint_invalid_subject_rdn_order_test.go Added //nolint:all to comment block to avoid golangci-lint to complain about duplicate words in comment * Update lint_invalid_subject_rdn_order.go Fixed import block * Update v3/lints/cabf_br/lint_invalid_subject_rdn_order.go Fine to me. Co-authored-by: Christopher Henderson <chris@chenderson.org> * Update lint_invalid_subject_rdn_order.go As per Chris Henderson's suggestion, to "improve readability". * Update lint_invalid_subject_rdn_order_test.go As per Chris Henderson's suggestion. * Update time.go Added CABFEV_Sec9_2_8_Date * Add files via upload * Add files via upload * Revised according to Chris and Corey suggestions * Add files via upload * Add files via upload * Delete v3/lints/cabf_br/lint_e_invalid_cps_uri.go * Delete v3/lints/cabf_br/lint_e_invalid_cps_uri_test.go * Delete v3/testdata/invalid_cps_uri_ko_01.pem * Delete v3/testdata/invalid_cps_uri_ko_02.pem * Delete v3/testdata/invalid_cps_uri_ko_03.pem * Delete v3/testdata/invalid_cps_uri_ok_01.pem * Delete v3/testdata/invalid_cps_uri_ok_02.pem * Delete v3/testdata/invalid_cps_uri_ok_03.pem * Update ca.go * Update config.json * Update config.json --------- Co-authored-by: Christopher Henderson <chris@chenderson.org>
zmap · Jun 16, 2024 · e5da476 · e5da476
1 parent 5b73e7b
commit e5da476
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/v3/integration/config.json b/v3/integration/config.json
@@ -345,7 +345,7 @@
       "ErrCount": 1
     },
     "e_ca_key_usage_missing": {
-      "ErrCount": 13
+      "ErrCount": 9
     },
     "e_ca_key_usage_not_critical": {
       "ErrCount": 40
@@ -677,7 +677,7 @@
       "ErrCount": 292
     },
     "e_sub_ca_certificate_policies_missing": {
-      "ErrCount": 59
+      "ErrCount": 50
     },
     "e_sub_ca_crl_distribution_points_does_not_contain_url": {
       "ErrCount": 2
@@ -751,7 +751,7 @@
       "ErrCount": 2
     },
     "e_subject_common_name_not_from_san": {
-      "ErrCount": 94979
+      "ErrCount": 94978
     },
     "e_subject_contains_noninformational_value": {
       "ErrCount": 338
@@ -818,7 +818,7 @@
     },
     "e_cab_dv_subject_invalid_values": {},
     "n_ca_digital_signature_not_set": {
-      "NoticeCount": 1411
+      "NoticeCount": 1405
     },
     "n_contains_redacted_dnsname": {
       "NoticeCount": 464
@@ -845,10 +845,10 @@
       "NoticeCount": 1415
     },
     "n_sub_ca_eku_not_technically_constrained": {
-      "NoticeCount": 12
+      "NoticeCount": 2
     },
     "n_subject_common_name_included": {
-      "NoticeCount": 712866
+      "NoticeCount": 712865
     },
     "w_ct_sct_policy_count_unsatisfied": {
       "NoticeCount": 5003
@@ -925,14 +925,14 @@
     "w_san_should_not_be_critical": {},
     "w_smime_aia_contains_internal_names": {},
     "w_sub_ca_aia_does_not_contain_issuing_ca_url": {
-      "WarnCount": 990
+      "WarnCount": 989
     },
     "w_sub_ca_aia_missing": {
       "WarnCount": 4
     },
     "w_sub_ca_certificate_policies_marked_critical": {},
     "w_sub_ca_eku_critical": {
-      "WarnCount": 9
+      "WarnCount": 0
     },
     "w_sub_ca_name_constraints_not_critical": {
       "WarnCount": 116

diff --git a/v3/util/ca.go b/v3/util/ca.go
@@ -52,7 +52,7 @@ func IsDelegatedOCSPResponderCert(cert *x509.Certificate) bool {
 }
 
 func IsServerAuthCert(cert *x509.Certificate) bool {
-	if len(cert.ExtKeyUsage) == 0 {
+	if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 {
 		return true
 	}
 	for _, eku := range cert.ExtKeyUsage {