Improve behaviour on fatal errors

If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
diff --git a/ChangeLog b/ChangeLog
index 73da67a..dee13ea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,11 @@
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America
+Changes
+ * Certificate verification functions now set flags to -1 in case the full
+ chain was not verified due to an internal error (including in the verify
+ callback) or chain length limitations.
+
= mbed TLS 2.1.8 branch released 2017-06-21
Security
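Review bot: The new entry's "now set flags to -1" does not tell a reader what -1 means for the flags value; the commit message describes it as setting all flags, so the ChangeLog should say so directly, for example "set all verification flags (flags = -1)". It would also help to state that a caller testing individual flag bits after such a failure will now see every one of them set, so the flags can no longer be used to tell which check failed in that case. "Certificate verification functions" is vague as well: naming the affected functions would let users see which calls change behaviour. Finally, "in case the full chain was not verified" reads more clearly as "when the full chain was not verified".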