[openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

Richard Levitte levitte at openssl.org
Fri Jun 1 10:16:19 UTC 2018


PR #6341 (https://github.com/openssl/openssl/pull/6341) is stuck in a
battle of opinions that doesn't seem to get anywhere, so for all
practical purposes, it's currently blocked.

I think that the gist of the difference of opinion is whether it's OK
to use locale dependent functions such as mbstowcs in libcrypto or

The main arguments against allowing such functions in libcrypto is
that we should push applications to run with an UTF-8 input method
(whether that's provided by the terminal driver, or the process
holding the terminal, or the application itself...) rather than have
them call setlocale() with appropriate arguments (which is needed for
mbstowcs to work right).

The main argument for allowing such functions, in this case, is to
make it easy for applications to load what PKCS#12 objects there are
in the wild, no matter what program generated them, rather than force
them to do all the conversion work (locale->UTF-8) and force the users
to regenerate non-compliant PKCS#12 objects (i.e. PKCS#12 objects
previously generated by libcrypto with passphrases encoded in anything
other than ISO-8859-1 or UTF-8).
(to be precise, mbstowcs is needed to convert the passphrase from a
non-UTF-8 encoding to UTF-8, to allow reading of compliant PKCS#12
when run with a non-UTF-8 input method...  running with a UTF-8 input
method is the easy answer, except that this may make some PKCS#12
objects generated with libcrypto unreadable)

Please help settle this (it's possible that this will become implicit


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list