diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2024-06-13 17:39:34 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2024-06-13 17:39:34 +0200 |
commit | ce6a95d172dbefd0e310c46e0a0d9c56d19e34ca (patch) | |
tree | d166fb5c093fc1af8324eb9c7e7f92cea2fae373 | |
parent | 98e4397f5330245cb7f8a21054ab078c4d0bba82 (diff) |
Prepare new release v0.8.3.v0.8.3
-rw-r--r-- | Changelog | 14 | ||||
-rwxr-xr-x | client | 2 | ||||
-rwxr-xr-x | lacme | 2 | ||||
-rwxr-xr-x | lacme-accountd | 2 |
4 files changed, 17 insertions, 3 deletions
@@ -1,3 +1,17 @@ +lacme (0.8.3) upstream; + + + Fix post-issuance validation logic. We avoid pining the + intermediate certificates in the bundle and instead validate the + leaf certificate with intermediates supplied during issuance as + untrusted (used for chain building only). Only the root + certificates are used as trust anchor. Not pining intermediate + certificates is in line with Let's Encrypt's latest recommendations. + + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with + OpenSSL 3.2 or later. + + Fix test suite. + + -- Guilhem Moulin <guilhem@fripost.org> Thu, 13 Jun 2024 17:39:34 +0200 + lacme (0.8.2) upstream; + client: Handle "ready" → "processing" → "valid" status change during @@ -43,7 +43,7 @@ use warnings; # instance own by another user and created with umask 0177) is not a # problem since SOCKET_FD can be bound as root prior to the execve(2). -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-client'; @@ -22,7 +22,7 @@ use v5.14.2; use strict; use warnings; -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $NAME = 'lacme'; use Errno 'EINTR'; diff --git a/lacme-accountd b/lacme-accountd index 8d2c599..5bc8b5f 100755 --- a/lacme-accountd +++ b/lacme-accountd @@ -23,7 +23,7 @@ use v5.14.2; use strict; use warnings; -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-accountd'; |