This change affects users who have chosen the configuration options to disable the library's verification of the
extendedKeyUsage fields of x509 certificates.
MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE configuration options are removed and the X509 code now behaves as if they were always enabled. It is consequently not possible anymore to disable at compile time the verification of the
extendedKeyUsage fields of X509 certificates.
The verification of the
extendedKeyUsage fields is important, disabling it can cause security issues and it is thus not recommended. If the verification is for some reason undesirable, it can still be disabled by means of the verification callback function passed to
mbedtls_x509_crt_verify() (see the documentation of this function for more information).