Add missing changelog entry
Add missing changelog entry for 3698: Mark basic constraints critical
as appropriate.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/ChangeLog.d/basic-constraints-critical.txt b/ChangeLog.d/basic-constraints-critical.txt
new file mode 100644
index 0000000..72e706e
--- /dev/null
+++ b/ChangeLog.d/basic-constraints-critical.txt
@@ -0,0 +1,8 @@
+Bugfix
+ * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
+ consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
+ include this extension in all CA certificates that contain public keys
+ used to validate digital signatures on certificates and MUST mark the
+ extension as critical in such certificates." Previous to this change,
+ the extension was always marked as non-critical. This was fixed by
+ #3698.