From 601398e92f99a159fcb5ffc0764950ae5c60d096 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 16 Jun 2024 00:35:57 +0200 Subject: Typofix Pointed by Jonathan Wiltshire at https://bugs.debian.org/1073174#12 . Thanks! --- Changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 5c91365..df987c6 100644 --- a/Changelog +++ b/Changelog @@ -1,10 +1,10 @@ lacme (0.8.3) upstream; - + Fix post-issuance validation logic. We avoid pining the + + Fix post-issuance validation logic. We avoid pinning the intermediate certificates in the bundle and instead validate the leaf certificate with intermediates supplied during issuance as untrusted (used for chain building only). Only the root - certificates are used as trust anchor. Not pining intermediate + certificates are used as trust anchor. Not pinning intermediate certificates is in line with Let's Encrypt's latest recommendations. + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with OpenSSL 3.2 or later. -- cgit v1.2.3