From b8b4e93097d87f6cbaecccedb1b3c06047b7e463 Mon Sep 17 00:00:00 2001
From: Arthur Gautier <baloo@superbaloo.net>
Date: Fri, 19 Jan 2024 23:54:51 +0000
Subject: [PATCH] x509-cert: ignore commonName warning (#1327)

With the upgrade of zlint to 3.6.0 came new lints.
One of them is enforcement of one of the measure from SC-62 removing
commonName from the Subject.
---
 x509-cert/tests/builder.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/x509-cert/tests/builder.rs b/x509-cert/tests/builder.rs
index d31eb8c7e..6a8a55a85 100644
--- a/x509-cert/tests/builder.rs
+++ b/x509-cert/tests/builder.rs
@@ -165,6 +165,9 @@ fn leaf_certificate() {
         "e_subject_common_name_not_exactly_from_san",
         // Extended key usage needs to be added by end-user and is use-case dependent
         "e_sub_cert_eku_missing",
+        // TODO(baloo): drop this in https://github.com/RustCrypto/formats/pull/1306
+        // CABF SC-62 marked commoName (CN) as not recommended
+        "w_subject_common_name_included",
     ];
 
     zlint::check_certificate(pem.as_bytes(), &ignored);
@@ -242,6 +245,9 @@ fn pss_certificate() {
         "e_sub_cert_eku_missing",
         // zlint warns on RSAPSS signature algorithms
         "e_signature_algorithm_not_supported",
+        // TODO(baloo): drop this in https://github.com/RustCrypto/formats/pull/1306
+        // CABF SC-62 marked commoName (CN) as not recommended
+        "w_subject_common_name_included",
     ];
 
     zlint::check_certificate(pem.as_bytes(), ignored);