changelog: document the enforced check on x509 serial setting Signed-off-by: Valerio Setti <vsetti@baylibre.com>

commit: 8cf549d0479402d349081687b3bd347a1236cede [log] [tgz]
author: Valerio Setti <vsetti@baylibre.com> Fri Jan 13 08:41:15 2023 +0100
committer: Valerio Setti <vsetti@baylibre.com> Fri Jan 13 08:41:15 2023 +0100
tree: 8acc70517a7abe7964536bf263a99802230020ee
parent: 5b787142a9968a947f715a30411a585fdde0dd43 [diff]
diff --git a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
new file mode 100644
index 0000000..a85c79b
--- /dev/null
+++ b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
+     whose binary representation is longer than 20 bytes. This was already
+     forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
+     enforced also at code level.
commit	8cf549d0479402d349081687b3bd347a1236cede	[log] [tgz]
author	Valerio Setti <vsetti@baylibre.com>	Fri Jan 13 08:41:15 2023 +0100
committer	Valerio Setti <vsetti@baylibre.com>	Fri Jan 13 08:41:15 2023 +0100
tree	8acc70517a7abe7964536bf263a99802230020ee
parent	5b787142a9968a947f715a30411a585fdde0dd43 [diff]