Diffstat (limited to 'Changelog')
-rw-r--r-- Changelog 31
1 files changed, 30 insertions, 1 deletions
diff --git a/Changelog b/Changelog
index d63c754..df987c6 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,28 @@
+lacme (0.8.3) upstream;
+
+ + Fix post-issuance validation logic. We avoid pinning the
+ intermediate certificates in the bundle and instead validate the
+ leaf certificate with intermediates supplied during issuance as
+ untrusted (used for chain building only). Only the root
+ certificates are used as trust anchor. Not pinning intermediate
+ certificates is in line with Let's Encrypt's latest recommendations.
+ + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with
+ OpenSSL 3.2 or later.
+ + Fix test suite.
+
+ -- Guilhem Moulin <guilhem@fripost.org> Thu, 13 Jun 2024 17:39:34 +0200
+
+lacme (0.8.2) upstream;
+
+ + client: Handle "ready" → "processing" → "valid" status change during
+ newOrder, instead of just "ready" → "valid". The latter may be what
+ we observe when the server is fast enough, but according to RFC 8555
+ sec. 7.1.6 the state actually transitions via "processing" state and
+ we need to account for that.
+ - Test suite: Point stretch's archive URL to archive.d.o.
+
+ -- Guilhem Moulin <guilhem@fripost.org> Tue, 25 Apr 2023 20:06:22 +0200
+
lacme (0.8.1) upstream;
+ lacme-accountd: improve log messages and refactor logging logic.
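Review bot: The 0.8.3 entry at the top of this hunk describes the new trust model but not its effect on existing deployments: it says "Only the root certificates are used as trust anchor" without stating what happens to a bundle that still contains intermediates. Suggest adding one sentence saying whether intermediates present in the bundle are now ignored, rejected, or still accepted as anchors, so operators know whether they must trim their bundle after upgrading. As a style point, "Fix test suite." is marked "+" in 0.8.3 while the test suite item in 0.8.2 is marked "-"; using the same marker for both would keep the major/minor distinction consistent.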
@@ -11,6 +36,8 @@ lacme (0.8.1) upstream;
'chmod'.
+ lacme: split certificates using Net::SSLeay::PEM_* instead of calling
openssl.
+ + lacme: pass a temporary JSON file with the client configuration to
+ the internal client, so it doesn't have to parse the INI file again.
- lacme: in the [accountd] config, let lacme-accountd(1) do the
%-expansion for 'config', not lacme(8) when building the command.
- lacme-accountd: don't log debug messages unless --debug is set.
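Review bot: The added item "pass a temporary JSON file with the client configuration to the internal client" leaves the handling of that file undocumented. Since it carries the client configuration across a process boundary, the entry (or the manual it points to) should state where the file is created, with which permissions, and when it is removed, so that a reader can tell whether the configuration is exposed to other local users while the client runs.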
@@ -23,8 +50,10 @@ lacme (0.8.1) upstream;
- lacme: ignore empty values in settings 'chown', 'chmod', 'certificate'
and 'certificate-chain'.
- lacme: return an error when the 'mode'/'chown' isn't a number.
+ - Makefile: replace '$(dir $@)' with '$(@D)'.
+ - Test suite: Adjust against current Let's Encrypt staging environment.
- -- Guilhem Moulin <guilhem@fripost.org> Mon, 22 Feb 2021 12:04:28 +0100
+ -- Guilhem Moulin <guilhem@fripost.org> Wed, 25 Jan 2023 03:23:51 +0100
lacme (0.8.0) upstream;
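Review bot: The trailer of the 0.8.1 entry is replaced rather than left alone, moving its date from "Mon, 22 Feb 2021" to "Wed, 25 Jan 2023" while two items (Makefile and test suite) are added under the same version. If a 0.8.1 carrying the 2021 date was ever published, these items belong under a new version so that the contents and date of a released entry do not change after the fact; if 0.8.1 was unreleased until 2023, a short remark in the commit message saying so would make the date change self-explanatory.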