aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Changelog14
-rwxr-xr-xclient2
-rwxr-xr-xlacme2
-rwxr-xr-xlacme-accountd2
4 files changed, 17 insertions, 3 deletions
diff --git a/Changelog b/Changelog
index 2863d18..5c91365 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,17 @@
+lacme (0.8.3) upstream;
+
+ + Fix post-issuance validation logic. We avoid pining the
+ intermediate certificates in the bundle and instead validate the
+ leaf certificate with intermediates supplied during issuance as
+ untrusted (used for chain building only). Only the root
+ certificates are used as trust anchor. Not pining intermediate
+ certificates is in line with Let's Encrypt's latest recommendations.
+ + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with
+ OpenSSL 3.2 or later.
+ + Fix test suite.
+
+ -- Guilhem Moulin <guilhem@fripost.org> Thu, 13 Jun 2024 17:39:34 +0200
+
lacme (0.8.2) upstream;
+ client: Handle "ready" → "processing" → "valid" status change during
diff --git a/client b/client
index d993518..2a5ee3c 100755
--- a/client
+++ b/client
@@ -43,7 +43,7 @@ use warnings;
# instance own by another user and created with umask 0177) is not a
# problem since SOCKET_FD can be bound as root prior to the execve(2).
-our $VERSION = '0.8.2';
+our $VERSION = '0.8.3';
my $PROTOCOL_VERSION = 1;
my $NAME = 'lacme-client';
diff --git a/lacme b/lacme
index b167f9b..37d3a51 100755
--- a/lacme
+++ b/lacme
@@ -22,7 +22,7 @@ use v5.14.2;
use strict;
use warnings;
-our $VERSION = '0.8.2';
+our $VERSION = '0.8.3';
my $NAME = 'lacme';
use Errno 'EINTR';
diff --git a/lacme-accountd b/lacme-accountd
index 8d2c599..5bc8b5f 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -23,7 +23,7 @@ use v5.14.2;
use strict;
use warnings;
-our $VERSION = '0.8.2';
+our $VERSION = '0.8.3';
my $PROTOCOL_VERSION = 1;
my $NAME = 'lacme-accountd';