aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@debian.org>2024-06-15 21:24:54 +0200
committerGuilhem Moulin <guilhem@debian.org>2024-06-16 00:10:26 +0200
commitc750e5b8a31ed5267150167ac68b5a5f89fc488b (patch)
tree94bb8b32e179addc8892984c52150f8911f0b50a
parentdb39468162d7631abe75bd2cfbde92c69a3520cd (diff)
Pointed by Jonathan Wiltshire at https://bugs.debian.org/1073174#12 . Thanks!
-rw-r--r--debian/changelog13
-rw-r--r--debian/patches/Fix-post-issuance-validation-logic.patch2
2 files changed, 8 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog
index 9a0e819..febb402 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,12 @@
lacme (0.8.2-1+deb12u1) bookworm; urgency=medium
- * Backport upstream patches to fix post-issuance validation logic.
- We avoid pining the intermediate certificates in the bundle and instead
- validate the leaf certificate with intermediates supplied during issuance
- as untrusted (used for chain building only). Only the root certificates
- are used as trust anchor. Not pining intermediate certificates is in line
- with Let's Encrypt's latest recommendations.
+ * Backport upstream patches to fix post-issuance validation logic. We avoid
+ pinning the intermediate certificates in the bundle and instead validate
+ the leaf certificate with intermediates supplied during issuance as
+ untrusted (used for chain building only). Only the root certificates are
+ used as trust anchor.
+ Not pinning intermediate certificates is in line with Let's Encrypt's
+ latest recommendations.
Closes: #1072847
* Adjust test suite against current Let's Encrypt staging environment.
* d/gbp.conf: Set 'debian-branch = debian/bookworm'.
diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch
index 1453055..6296928 100644
--- a/debian/patches/Fix-post-issuance-validation-logic.patch
+++ b/debian/patches/Fix-post-issuance-validation-logic.patch
@@ -7,7 +7,7 @@ validate the leaf certificate with intermediates as untrusted (used for
chain building only). Only the root certificates are used as trust
anchor.
-Not pining intermediate certificates anymore is in line with Let's
+Not pinning intermediate certificates anymore is in line with Let's
Encrypt's latest recommendations:
Rotating the set of intermediates we issue from helps keep the