#988436 RFP: certlint -- X.509 certificate linter

Package:
wnpp
Source:
wnpp
Submitter:
Daniel Kahn Gillmor
Date:
2025-11-29 16:48:46 UTC
Severity:
wishlist
#988436#5
Date:
2021-05-13 03:00:52 UTC
From:
To:
* Package name    : certlint
  Version         : 1.3.0
  Upstream Author : Rob Stradling <rob@sectigo.com>
* URL             : https://github.com/certlint/certlint
* License         : Apache 2.0
  Programming Lang: Ruby, C
  Description     : X.509 certificate linter

This linter identifies likely problems with X.509 certificates,
including ways that they can be out of compliance with RFCs, CABForum
baseline requirements, and other standards.
---

Note that this requires building of the asn1validator extension to
ruby, which is included in the repository (as C source, afaict).

This and zlint (#915788) are apparently the two dominant X.509
certificate checkers, according to Ryan Sleevi, who is in a good
position to know:

https://twitter.com/sleevi_/status/1392120487749300226

Regards,

#988436#10
Date:
2021-05-13 03:14:23 UTC
From:
To:
A third one by a Debian person is x509lint:

https://github.com/kroeckx/x509lint

#988436#15
Date:
2021-05-14 01:13:46 UTC
From:
To:
Yep, this would be a good thing to have in debian too.  Kurt, would you
be willing to consider packaging x509lint for debian?  I can file a
formal RFP if that would encourage you to do it :)