| David Horstmann | 68e5a22 | 2021-08-24 12:05:13 +0100 | [diff] [blame^] | 1 | Bugfix |
| 2 | * Mark basic constraints critical as appropriate. Note that the previous |
| 3 | entry for this fix in the 2.16.10 changelog was in error, and it was not |
| 4 | included in the 2.16.10 release as was stated. |
| 5 | Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC |
| 6 | 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in |
| 7 | all CA certificates that contain public keys used to validate digital |
| 8 | signatures on certificates and MUST mark the extension as critical in |
| 9 | such certificates." Previous to this change, the extension was always |
| 10 | marked as non-critical. This was fixed by #4044. |