diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
index 75fbb6cc15..08a0ab2708 100644
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -1,7 +1,7 @@
 Security
    * With TLS 1.3, when a server enables optional authentication of the
      client, if the client-provided certificate does not have appropriate values
-     in if keyUsage or extKeyUsage extensions, then the return value of
+     in keyUsage or extKeyUsage extensions, then the return value of
      mbedtls_ssl_get_verify_result() would incorrectly have the
      MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
      clear. As a result, an attacker that had a certificate valid for uses other