From e29d7be48e95647236275fb8dff936b4b565b544 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 8 Oct 2025 10:49:24 +0100 Subject: [PATCH] Add ChangeLog entry for verify_result hardening Signed-off-by: David Horstmann --- ChangeLog.d/verify-result-default-value.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/verify-result-default-value.txt diff --git a/ChangeLog.d/verify-result-default-value.txt b/ChangeLog.d/verify-result-default-value.txt new file mode 100644 index 0000000000..d85dfe2670 --- /dev/null +++ b/ChangeLog.d/verify-result-default-value.txt @@ -0,0 +1,5 @@ +Changes + * Harden mbedtls_ssl_get_verify_result() against misuse. + Return failure if the handshake has not yet been attempted. Previously + the result of verification was zero-initialized so the function would + return 0 (indicating success).
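Review bot: The new entry in ChangeLog.d/verify-result-default-value.txt says the function will "Return failure" but does not say which value callers now get back, so an application that called mbedtls_ssl_get_verify_result() before the handshake and relied on the old 0 cannot tell from this text what to check for. Consider naming the returned value or flag in the entry. Consider also stating whether "not yet been attempted" covers a handshake that has started but not finished. Since the previous zero-initialized default reported success for a session that had never been verified, it may be worth deciding whether this belongs under a security heading rather than "Changes", so that downstream users who scan the ChangeLog for security-relevant behaviour changes see it.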