From 68e5a221baed317f13b9e8f1ae4ea79b7e447d78 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 24 Aug 2021 12:05:13 +0100 Subject: [PATCH] Create ChangeLog entry explaining #4044 The change made by PR #4044 was previously advertised in the 2.16.10 ChangeLog, however #4044 had not yet been merged. Create a new entry for #4044, with a note that the previous entry was in error. Signed-off-by: David Horstmann --- ChangeLog.d/issue4870.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 ChangeLog.d/issue4870.txt diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt new file mode 100644 index 0000000000..213a824835 --- /dev/null +++ b/ChangeLog.d/issue4870.txt @@ -0,0 +1,10 @@ +Bugfix + * Mark basic constraints critical as appropriate. Note that the previous + entry for this fix in the 2.16.10 changelog was in error, and it was not + included in the 2.16.10 release as was stated. + Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC + 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in + all CA certificates that contain public keys used to validate digital + signatures on certificates and MUST mark the extension as critical in + such certificates." Previous to this change, the extension was always + marked as non-critical. This was fixed by #4044.