From 903b6aa87d868f21c3fa5aa100020907a2fa7ba9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 5 Jan 2023 17:06:14 +0100 Subject: [PATCH] Changelog: list changes in x509write_crt module Signed-off-by: Valerio Setti --- ...rove_x509_cert_writing_serial_number_management.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt diff --git a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt new file mode 100644 index 000000000..64d1b279a --- /dev/null +++ b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt @@ -0,0 +1,10 @@ +Bugfix + * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers + whose binary representation is longer than 20 bytes. This was already + forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being + enforced also at code level. + +New deprecations + * mbedtls_x509write_crt_set_serial() is now being deprecated in favor of + mbedtls_x509write_crt_set_serial_new(). The goal here is to remove any + direct dependency of X509 from BIGNUM_C.