add X509_V_FLAG_TRUSTED_FIRST fix

2026-01-17 21:51:17 +01:00 · 2021-09-30 19:47:13 -05:00
parent 73329bba76
commit 7fc7656ede
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@@ -33,6 +33,9 @@ LibreSSL Portable Release Notes:
 	* A stack overread could occur when checking X.509 name constraints.
 	  From GoldBinocle on GitHub.

+	* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
+	  This compensates for the expiry of the DST Root X3 certificate.
+
 3.2.6 - Security fix

 	* In LibreSSL, printing a certificate can result in a crash in