| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Mention-the-Debian-BTS-in-the-manpages.patch | Mention the Debian BTS in the manpages. | Guilhem Moulin <guilhem@debian.org> | not-needed | 2016-12-01 | ||
| client-Handle-ready-processing-valid-status-change-during.patch | =?utf-8?q?client=3A_Handle_=22ready=22_=E2=86=92_=22processing=22_?= =?utf-8?q?=E2=86=92_=22valid=22_status_change_during_newOrder=2E?= Instead of just "ready" → "valid", which may be what we observe when the server is fast enough, but according to RFC 8555 sec. 7.1.6 the state actually transitions via "processing" state and we need to account for that. It appears Let's Encrypt staging environment now has different timing conditions and lacme is unable to request certificates due to this issue. Thanks to Alexander Borkowski for the report! |
Guilhem Moulin <guilhem@fripost.org> | no | debian | 2023-04-25 | |
| Fix-post-issuance-validation-logic.patch | Fix post-issuance validation logic Rather than adding intermediates in the certificate bundle we now validate the leaf certificate with intermediates as untrusted (used for chain building only). Only the root certificates are used as trust anchor. Not pinning intermediate certificates anymore is in line with Let's Encrypt's latest recommendations: Rotating the set of intermediates we issue from helps keep the Internet agile and more secure. It encourages automation and efficiency, and discourages outdated practices like key pinning. “Key Pinning” is a practice in which clients — either ACME clients getting certificates for their site, or apps connecting to their own backend servers — decide to trust only a single issuing intermediate certificate rather than delegating trust to the system trust store. Updating pinned keys is a manual process, which leads to an increased risk of errors and potential business continuity failures. — https://letsencrypt.org/2024/03/19/new-intermediate-certificates: |
Guilhem Moulin <guilhem@fripost.org> | no | debian | https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea | 2024-06-13 |
| Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch | Adjust test suite against current Let's Encrypt staging environment | Guilhem Moulin <guilhem@fripost.org> | no | https://git.guilhem.org/lacme/commit/?id=98e4397f5330245cb7f8a21054ab078c4d0bba82 | 2024-06-13 |