19 lines
1.1 KiB
TOML
19 lines
1.1 KiB
TOML
[e_pkilint_lint_cabf_serverauth_cert]
|
|
pkilint_addr = "http://10.77.77.9"
|
|
pkilint_timeout = 200000000 # 200 milliseconds
|
|
ignore_lints = [
|
|
# We include the CN in (almost) all of our certificates, on purpose.
|
|
# See https://github.com/letsencrypt/boulder/issues/5112 for details.
|
|
"DvSubcriberAttributeAllowanceValidator:cabf.serverauth.dv.common_name_attribute_present",
|
|
# We include the SKID in all of our certs, on purpose.
|
|
# See https://github.com/letsencrypt/boulder/issues/7446 for details.
|
|
"SubscriberExtensionAllowanceValidator:cabf.serverauth.subscriber.subject_key_identifier_extension_present",
|
|
# We compute the skid using RFC7093 Method 1, on purpose.
|
|
# See https://github.com/letsencrypt/boulder/pull/7179 for details.
|
|
"SubjectKeyIdentifierValidator:pkix.subject_key_identifier_rfc7093_method_1_identified",
|
|
# We include the keyEncipherment key usage in RSA certs, on purpose.
|
|
# It is only necessary for old versions of TLS, and is included for backwards
|
|
# compatibility. We intend to remove this in the short-lived profile.
|
|
"SubscriberKeyUsageValidator:cabf.serverauth.subscriber_rsa_digitalsignature_and_keyencipherment_present",
|
|
]
|