Add missing changelog entry Add missing changelog entry for 3698: Mark basic constraints critical as appropriate. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

commit: b4fe1053e476192393131912866923a249416d20 [log] [tgz]
author: Dave Rodgman <dave.rodgman@arm.com> Mon Mar 08 17:38:44 2021 +0000
committer: Dave Rodgman <dave.rodgman@arm.com> Mon Mar 08 18:34:24 2021 +0000
tree: 4c2b2ad1b8c6f955f6d21b685d99116114896255
parent: 2d83ac100df8f6aedf6ddfac5fa1aededd55f959 [diff]
diff --git a/ChangeLog.d/basic-constraints-critical.txt b/ChangeLog.d/basic-constraints-critical.txt
new file mode 100644
index 0000000..72e706e
--- /dev/null
+++ b/ChangeLog.d/basic-constraints-critical.txt

@@ -0,0 +1,8 @@
+Bugfix
+   * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
+     consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
+     include this extension in all CA certificates that contain public keys
+     used to validate digital signatures on certificates and MUST mark the
+     extension as critical in such certificates." Previous to this change,
+     the extension was always marked as non-critical. This was fixed by
+     #3698.
commit	b4fe1053e476192393131912866923a249416d20	[log] [tgz]
author	Dave Rodgman <dave.rodgman@arm.com>	Mon Mar 08 17:38:44 2021 +0000
committer	Dave Rodgman <dave.rodgman@arm.com>	Mon Mar 08 18:34:24 2021 +0000
tree	4c2b2ad1b8c6f955f6d21b685d99116114896255
parent	2d83ac100df8f6aedf6ddfac5fa1aededd55f959 [diff]