From 18a8698e768d1af59563e275fbfcd48356d24d2c Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Mon, 8 Mar 2021 17:38:44 +0000
Subject: [PATCH] Add missing changelog entry

Add missing changelog entry for 4044: Mark basic constraints critical
as appropriate.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 ChangeLog.d/basic-constraints-critical.txt | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 ChangeLog.d/basic-constraints-critical.txt

diff --git a/ChangeLog.d/basic-constraints-critical.txt b/ChangeLog.d/basic-constraints-critical.txt
new file mode 100644
index 000000000..c747ee954
--- /dev/null
+++ b/ChangeLog.d/basic-constraints-critical.txt
@@ -0,0 +1,8 @@
+Bugfix
+   * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
+     consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
+     include this extension in all CA certificates that contain public keys
+     used to validate digital signatures on certificates and MUST mark the
+     extension as critical in such certificates." Previous to this change,
+     the extension was always marked as non-critical. This was fixed by
+     #4044.