From ce6a95d172dbefd0e310c46e0a0d9c56d19e34ca Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 17:39:34 +0200 Subject: Prepare new release v0.8.3. --- Changelog | 14 ++++++++++++++ client | 2 +- lacme | 2 +- lacme-accountd | 2 +- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Changelog b/Changelog index 2863d18..5c91365 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,17 @@ +lacme (0.8.3) upstream; + + + Fix post-issuance validation logic. We avoid pining the + intermediate certificates in the bundle and instead validate the + leaf certificate with intermediates supplied during issuance as + untrusted (used for chain building only). Only the root + certificates are used as trust anchor. Not pining intermediate + certificates is in line with Let's Encrypt's latest recommendations. + + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with + OpenSSL 3.2 or later. + + Fix test suite. + + -- Guilhem Moulin Thu, 13 Jun 2024 17:39:34 +0200 + lacme (0.8.2) upstream; + client: Handle "ready" → "processing" → "valid" status change during diff --git a/client b/client index d993518..2a5ee3c 100755 --- a/client +++ b/client @@ -43,7 +43,7 @@ use warnings; # instance own by another user and created with umask 0177) is not a # problem since SOCKET_FD can be bound as root prior to the execve(2). -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-client'; diff --git a/lacme b/lacme index b167f9b..37d3a51 100755 --- a/lacme +++ b/lacme @@ -22,7 +22,7 @@ use v5.14.2; use strict; use warnings; -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $NAME = 'lacme'; use Errno 'EINTR'; diff --git a/lacme-accountd b/lacme-accountd index 8d2c599..5bc8b5f 100755 --- a/lacme-accountd +++ b/lacme-accountd @@ -23,7 +23,7 @@ use v5.14.2; use strict; use warnings; -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-accountd'; -- cgit v1.2.3