Create ChangeLog entry explaining #4044

The change made by PR #4044 was previously advertised in the 2.16.10 ChangeLog, however #4044 had not yet been merged. Create a new entry for #4044, with a note that the previous entry was in error. Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-05-05 01:23:39 +02:00 · 2021-08-24 12:05:13 +01:00
parent e115547417
commit 68e5a221ba
1 changed files with 10 additions and 0 deletions
--- a/ChangeLog.d/issue4870.txt
+++ b/ChangeLog.d/issue4870.txt
@@ -0,0 +1,10 @@
+Bugfix
+   * Mark basic constraints critical as appropriate. Note that the previous
+     entry for this fix in the 2.16.10 changelog was in error, and it was not
+     included in the 2.16.10 release as was stated.
+     Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
+     5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
+     all CA certificates that contain public keys used to validate digital
+     signatures on certificates and MUST mark the extension as critical in
+     such certificates." Previous to this change, the extension was always
+     marked as non-critical. This was fixed by #4044.