From 7fc7656ede488673a50c0234a36379f3165fa2dd Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Thu, 30 Sep 2021 19:47:13 -0500
Subject: add X509_V_FLAG_TRUSTED_FIRST fix

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 5336146..b6f8669 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,9 @@ LibreSSL Portable Release Notes:
 	* A stack overread could occur when checking X.509 name constraints.
 	  From GoldBinocle on GitHub.
 
+	* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
+	  This compensates for the expiry of the DST Root X3 certificate.
+
 3.2.6 - Security fix
 
 	* In LibreSSL, printing a certificate can result in a crash in
-- 
cgit v1.2.3-55-g6feb