aboutsummaryrefslogtreecommitdiffstats
path: root/Changelog
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@debian.org>2024-06-13 17:54:21 +0200
committerGuilhem Moulin <guilhem@debian.org>2024-06-13 17:54:21 +0200
commit31168af791066a43adf6a52d2f51da6185bab15e (patch)
tree134768f15684231732ef2640e5a60a630c5886ea /Changelog
parentd531c00ae1c422b3f0948d297098722fb448edb5 (diff)
parentce6a95d172dbefd0e310c46e0a0d9c56d19e34ca (diff)
Merge tag 'v0.8.3' into debian/latest
Release version 0.8.3
Diffstat (limited to 'Changelog')
-rw-r--r--Changelog14
1 files changed, 14 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index 2863d18..5c91365 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,17 @@
+lacme (0.8.3) upstream;
+
+ + Fix post-issuance validation logic. We avoid pining the
+ intermediate certificates in the bundle and instead validate the
+ leaf certificate with intermediates supplied during issuance as
+ untrusted (used for chain building only). Only the root
+ certificates are used as trust anchor. Not pining intermediate
+ certificates is in line with Let's Encrypt's latest recommendations.
+ + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with
+ OpenSSL 3.2 or later.
+ + Fix test suite.
+
+ -- Guilhem Moulin <guilhem@fripost.org> Thu, 13 Jun 2024 17:39:34 +0200
+
lacme (0.8.2) upstream;
+ client: Handle "ready" → "processing" → "valid" status change during