Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
986c72f
feat: implement RFC4055 compliance checking
mr-m0nst3r Apr 28, 2026
fcf0110
feat: implement policy filtering and OCSP support
mr-m0nst3r Apr 28, 2026
41666b4
feat: implement auto-validate mode with PKCS#7 support
mr-m0nst3r Apr 28, 2026
d9e017e
docs: update README with auto-validate and RFC 4055/6960 support
mr-m0nst3r Apr 28, 2026
2efd3b2
docs: improve policy YAML examples and add node tree structure
mr-m0nst3r Apr 28, 2026
3a05d37
fix: crlSignedBy operator skip non-applicable CRLs
mr-m0nst3r Apr 29, 2026
327d0cc
feat: auto-skip rules by input type at rule level
mr-m0nst3r Apr 29, 2026
778a70c
fix: use white color for INFO level failures
mr-m0nst3r Apr 29, 2026
e634ff1
fix: redesign node tree for correct absent/isNull operator semantics
mr-m0nst3r Apr 29, 2026
df1b524
fix: apply same node tree semantics to CRL and allow isNull on absent…
mr-m0nst3r Apr 29, 2026
8f02597
feat: implement RFC 9654 OCSP nonce extension support
mr-m0nst3r Apr 29, 2026
263bd31
docs: update README with RFC 9654 nonce support and new policies
mr-m0nst3r Apr 29, 2026
e87739c
feat: enhance certificate type detection and add validation operators
mr-m0nst3r Apr 30, 2026
3c4c8c3
docs: update README with new operators and certificate type detection
mr-m0nst3r Apr 30, 2026
fd4beed
feat: extend noUnknownCriticalExtensions operator for CRL support
mr-m0nst3r May 1, 2026
6224127
feat: detect ocspSigning certificate type via EKU
mr-m0nst3r May 1, 2026
ef27c3e
feat: implement PSL-based TLD and domain validation operators
mr-m0nst3r May 1, 2026
8bd5896
feat: add ASN.1 parsers for AIA and CRL DP extensions
mr-m0nst3r May 1, 2026
c8640f0
feat: enhance every operator with wildcard paths and unified operands
mr-m0nst3r May 1, 2026
c5eb7af
feat: add Certificate Policies extension ASN.1 parser
mr-m0nst3r May 1, 2026
ba987ee
feat: add NameConstraints extension parsing
mr-m0nst3r May 1, 2026
693ae5e
feat: add IssuerAltName and CABFOrganizationIdentifier parsing
mr-m0nst3r May 1, 2026
ac15e4d
feat: add policy friendly names to root-level certificatePolicies node
mr-m0nst3r May 1, 2026
29d5f4a
fix: wildcard path resolver returns nil when nothing matches
mr-m0nst3r May 1, 2026
6335c3f
feat: add policy friendly names to extensions.certificatePolicies node
mr-m0nst3r May 1, 2026
a70fcf3
feat: add Source tracking and dual CRL/OCSP evaluation for auto-validate
mr-m0nst3r May 1, 2026
9e15ebd
docs: rewrite POLICY_WRITING_GUIDE based on actual policy usage
mr-m0nst3r May 5, 2026
b53bc8b
fix: resolve golangci-lint errcheck issues
mr-m0nst3r May 7, 2026
0986538
refactor: split runner.go into smaller files for better maintainability
mr-m0nst3r May 7, 2026
b505f01
refactor: extract evaluation logic into evaluator.go
mr-m0nst3r May 7, 2026
c4483d4
refactor: crl fetching
cavoq May 7, 2026
d6b9fe4
refactor: unified source struct
cavoq May 7, 2026
468c132
refactor: unified format definition
cavoq May 7, 2026
7c01f6e
fix: cert type check
cavoq May 7, 2026
1f7e0f1
refactor: aia package
cavoq May 7, 2026
efe8688
refactor: asn1 package
cavoq May 7, 2026
3bc1ef9
refactor: ocsp
cavoq May 7, 2026
e2f7fa4
refactor: autofetching
cavoq May 7, 2026
44bf6fd
fix: proper name for debug.go
cavoq May 7, 2026
25c0bd4
refactor: linter
cavoq May 7, 2026
d1ce37b
refactor: evaluation
cavoq May 7, 2026
1e3ba65
fix: linting issues
cavoq May 7, 2026
7aeded3
fix: appliesTo -> certType
cavoq May 7, 2026
a924f1e
fix: update CI
cavoq May 7, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 9 additions & 10 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,28 +15,27 @@ jobs:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true

- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
uses: golangci/golangci-lint-action@v7
with:
version: latest
cache: true
version: v2.12.2

unit-tests:
name: Unit Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -45,7 +44,7 @@ jobs:
run: go test -v -race -coverprofile=coverage.out -covermode=atomic $(go list ./... | grep -v '/tests$')

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@v6
with:
files: ./coverage.out
fail_ci_if_error: false
Expand All @@ -57,10 +56,10 @@ jobs:
name: Integration Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand Down
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Binaries
pcl
/pcl
*.exe
*.exe~
*.dll
Expand Down
75 changes: 36 additions & 39 deletions .golangci.yml
Original file line number Diff line number Diff line change
@@ -1,59 +1,56 @@
version: "2"

run:
timeout: 5m
modules-download-mode: readonly

linters:
enable:
- errcheck
- gosimple
- govet
- ineffassign
- staticcheck
- unused
- gofmt
- goimports
- misspell
- unconvert
- gosec
- prealloc

linters-settings:
errcheck:
check-type-assertions: true
check-blank: false

govet:
disable:
- fieldalignment

gofmt:
simplify: true

goimports:
local-prefixes: github.com/cavoq/PCL

misspell:
locale: US

gosec:
excludes:
- G104
- G304
- G306

staticcheck:
checks:
- all
- -SA1019
settings:
errcheck:
check-type-assertions: true
check-blank: false

govet:
disable:
- fieldalignment

misspell:
locale: US

gosec:
excludes:
- G104 # Errors unhandled (deferred close)
- G107 # URL from variable — intentional in fetchers
- G115 # Integer overflow in byte conversions — ASN.1 encoding
- G301 # Dir permissions 0750+ — acceptable for public data dirs
- G304 # File path via variable — intentional throughout
- G306 # File permissions — 0644 is intentional for cert/policy files

staticcheck:
checks:
- all
- -SA1019

exclusions:
rules:
- path: _test\.go
linters:
- gosec
- unparam
- errcheck
- prealloc

issues:
exclude-use-default: false
max-issues-per-linter: 0
max-same-issues: 0

exclude-rules:
- path: _test\.go
linters:
- gosec
- unparam
- errcheck
Loading
Loading