Merge pull request #4893 from davidhorstmann-arm/4044-chglog-take2 Create ChangeLog entry correcting the record on #4044

commit: 5e5ca8e3c758f6cb6fd82bf8d7c9409ee6bc3b19 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Thu Aug 26 16:25:10 2021 +0100
committer: GitHub <noreply@github.com> Thu Aug 26 16:25:10 2021 +0100
tree: ca2078fde65fabff3472d4830bd24e92bf38d2e2
parent: f1b0c70fafb50b8827ce41c6d943763195705f71 [diff]
parent: 68e5a221baed317f13b9e8f1ae4ea79b7e447d78 [diff]
diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt
new file mode 100644
index 0000000..213a824
--- /dev/null
+++ b/ChangeLog.d/issue4870.txt

@@ -0,0 +1,10 @@
+Bugfix
+   * Mark basic constraints critical as appropriate. Note that the previous
+     entry for this fix in the 2.16.10 changelog was in error, and it was not
+     included in the 2.16.10 release as was stated.
+     Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
+     5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
+     all CA certificates that contain public keys used to validate digital
+     signatures on certificates and MUST mark the extension as critical in
+     such certificates." Previous to this change, the extension was always
+     marked as non-critical. This was fixed by #4044.
commit	5e5ca8e3c758f6cb6fd82bf8d7c9409ee6bc3b19	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Thu Aug 26 16:25:10 2021 +0100
committer	GitHub <noreply@github.com>	Thu Aug 26 16:25:10 2021 +0100
tree	ca2078fde65fabff3472d4830bd24e92bf38d2e2
parent	f1b0c70fafb50b8827ce41c6d943763195705f71 [diff]
parent	68e5a221baed317f13b9e8f1ae4ea79b7e447d78 [diff]