author Guilhem Moulin <guilhem@debian.org> 2024-06-15 21:24:54 +0200
committer Guilhem Moulin <guilhem@debian.org> 2024-06-15 21:27:41 +0200
commit 6362716a94ef687e2d1f5bf662a3329866346675
tree 25a195d7ecb58259944aefa5f61e2df9817b52be
parent 6a6146c9f860c9efa8729931c6e439b71b81039e
Pointed out by Jonathan Wiltshire at https://bugs.debian.org/1073174#12 . Thanks!
-rw-r--r-- debian/changelog 13
-rw-r--r-- debian/patches/Fix-post-issuance-validation-logic.patch 2
2 files changed, 8 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog
index 382a8ed..8a26ff6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,12 @@
lacme (0.8.0-2+deb11u2) bullseye; urgency=medium
- * Backport upstream patches to fix fix post-issuance validation logic.
- We avoid pining the intermediate certificates in the bundle and instead
- validate the leaf certificate with intermediates supplied during issuance
- as untrusted (used for chain building only). Only the root certificates
- are used as trust anchor. Not pining intermediate certificates is in line
- with Let's Encrypt's latest recommendations.
+ * Backport upstream patches to fix post-issuance validation logic. We avoid
+ pinning the intermediate certificates in the bundle and instead validate
+ the leaf certificate with intermediates supplied during issuance as
+ untrusted (used for chain building only). Only the root certificates are
+ used as trust anchor.
+ Not pinning intermediate certificates is in line with Let's Encrypt's
+ latest recommendations.
Closes: #1072847
* Adjust test suite against current Let's Encrypt staging environment.
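Review bot: the reworded entry still pairs a plural subject with a singular object in "Only the root certificates are used as trust anchor."; since this hunk is purely a wording cleanup (dropping the doubled "fix" and correcting "pining"), "trust anchors" would be worth fixing in the same pass. The reflow also ends a line early after "used as trust anchor." so that "Not pinning intermediate certificates ..." starts on its own line; if no paragraph break is intended there, rewrap so the sentence continues on the short line and the bullet reads as one block.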
diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch
index 61f8da3..bbd9f02 100644
--- a/debian/patches/Fix-post-issuance-validation-logic.patch
+++ b/debian/patches/Fix-post-issuance-validation-logic.patch
@@ -7,7 +7,7 @@ validate the leaf certificate with intermediates as untrusted (used for
chain building only). Only the root certificates are used as trust
anchor.
-Not pining intermediate certificates anymore is in line with Let's
+Not pinning intermediate certificates anymore is in line with Let's
Encrypt's latest recommendations:
Rotating the set of intermediates we issue from helps keep the
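Review bot: the "pining" to "pinning" fix on the "Not pinning intermediate certificates anymore" line edits the description header of a patch that the changelog describes as backported from upstream, so if that header was copied from the upstream commit message it now differs from it. The correction itself is right and does not touch the patch body; consider sending the same spelling fix upstream so a later refresh of the patch does not reintroduce the typo. The context line "chain building only). Only the root certificates are used as trust anchor." carries the same singular "trust anchor" as the changelog and could be aligned with whatever wording is chosen there.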