Edit ChangeLog entry Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>

commit: b0b71dc5d5748fec0476d0aac876d95c8bc669bd [log] [tgz]
author: Elena Uziunaite <elena.uziunaite@arm.com> Tue Aug 20 12:11:57 2024 +0100
committer: Elena Uziunaite <elena.uziunaite@arm.com> Tue Aug 20 12:12:50 2024 +0100
tree: 1476cac0ba8f2f75b51557859c6254d9a5144d42
parent: 777e3e77c9ff78039101ab881d53206bb7852082 [diff]
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
index 12f1bb3..75fbb6c 100644
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt

@@ -1,4 +1,11 @@
-Bugfix
-   * Fix the failure to correctly update verification flags when
-   checking the (ext)KeyUsage extension.
-   Resolves #1260
+Security
+   * With TLS 1.3, when a server enables optional authentication of the
+     client, if the client-provided certificate does not have appropriate values
+     in if keyUsage or extKeyUsage extensions, then the return value of
+     mbedtls_ssl_get_verify_result() would incorrectly have the
+     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
+     clear. As a result, an attacker that had a certificate valid for uses other
+     than TLS client authentication could be able to use it for TLS client
+     authentication anyway. Only TLS 1.3 servers were affected, and only with
+     optional authentication (required would abort the handshake with a fatal
+     alert).
commit	b0b71dc5d5748fec0476d0aac876d95c8bc669bd	[log] [tgz]
author	Elena Uziunaite <elena.uziunaite@arm.com>	Tue Aug 20 12:11:57 2024 +0100
committer	Elena Uziunaite <elena.uziunaite@arm.com>	Tue Aug 20 12:12:50 2024 +0100
tree	1476cac0ba8f2f75b51557859c6254d9a5144d42
parent	777e3e77c9ff78039101ab881d53206bb7852082 [diff]