Create ChangeLog entry explaining #4044
The change made by PR #4044 was previously advertised in the
2.16.10 ChangeLog, however #4044 had not yet been merged.
Create a new entry for #4044, with a note that the previous
entry was in error.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt
new file mode 100644
index 0000000..213a824
--- /dev/null
+++ b/ChangeLog.d/issue4870.txt
@@ -0,0 +1,10 @@
+Bugfix
+ * Mark basic constraints critical as appropriate. Note that the previous
+ entry for this fix in the 2.16.10 changelog was in error, and it was not
+ included in the 2.16.10 release as was stated.
+ Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC
+ 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in
+ all CA certificates that contain public keys used to validate digital
+ signatures on certificates and MUST mark the extension as critical in
+ such certificates." Previous to this change, the extension was always
+ marked as non-critical. This was fixed by #4044.