diff options
| -rw-r--r-- | Changelog | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1,10 +1,10 @@ lacme (0.8.3) upstream; - + Fix post-issuance validation logic. We avoid pining the + + Fix post-issuance validation logic. We avoid pinning the intermediate certificates in the bundle and instead validate the leaf certificate with intermediates supplied during issuance as untrusted (used for chain building only). Only the root - certificates are used as trust anchor. Not pining intermediate + certificates are used as trust anchor. Not pinning intermediate certificates is in line with Let's Encrypt's latest recommendations. + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with OpenSSL 3.2 or later. |