From 3ddc2fd406cbcb58b64f30ffae684dc5b7a34469 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Thu, 30 Sep 2021 19:02:38 -0500
Subject: add X509_V_FLAG_TRUSTED_FIRST fix

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 0708c77..9f51d2f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,9 @@ LibreSSL Portable Release Notes:
 	* A stack overread could occur when checking X.509 name constraints.
 	  From GoldBinocle on GitHub.
 
+	* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
+	  This compensates for the expiry of the DST Root X3 certificate.
+
 3.3.4 - Security fix
 
 	* In LibreSSL, printing a certificate can result in a crash in
-- 
cgit v1.2.3-55-g6feb