From 61c7869ddd55369b1a652b5fafb8f27215c6c9dd Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 16 Jun 2024 00:35:19 +0200 Subject: Typofix Pointed by Jonathan Wiltshire at https://bugs.debian.org/1073174#12 . Thanks! --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 385b801..ca3e7b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,11 @@ lacme (0.8.3-1) unstable; urgency=high * New upstream bugfix release. - + Fix post-issuance validation logic. We avoid pining the intermediate + + Fix post-issuance validation logic. We avoid pinning the intermediate certificates in the bundle and instead validate the leaf certificate with intermediates supplied during issuance as untrusted (used for chain building only). Only the root certificates are used as trust anchor. - Not pining intermediate certificates is in line with Let's Encrypt's + Not pinning intermediate certificates is in line with Let's Encrypt's latest recommendations. Closes: #1072847 + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with OpenSSL -- cgit v1.2.3