From 231649a0205e2f939622eb2fc80fbb970552fc3a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 31 May 2021 13:03:25 +0200 Subject: [PATCH] Changing the migration guide entry wording. Signed-off-by: TRodziewicz --- ...emove_supp_for_extensions_in_pre-v3_X_509_certs.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md b/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md index 8484dfbbc3..4c87f038fc 100644 --- a/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md +++ b/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md @@ -1,11 +1,14 @@ Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option -- -This change does not affect users who are working with current V3 X.509 -certificates. +This change does not affect users who were using the default configuration, as +this option was already disabled by default. Also, it does not affect users who +are working with current V3 X.509 certificates. -This change makes the pre-V3 X.509 certificates both with or without optional -extensions obsolete. +Extensions were added in V3 of the X.509 specification, so pre-V3 certificates +containing extensions were never compliant. Mbed TLS now rejects them with a +parsing error in all configurations, as it did previously in the default +configuration. If you are working with the pre-V3 certificates you need to switch to the current ones.