[openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

Andy Polyakov appro at openssl.org
Fri Jun 1 11:04:08 UTC 2018

> I think that the gist of the difference of opinion is whether it's OK
> to use locale-dependent functions such as mbstowcs in libcrypto or
> not.
> The main argument against allowing such functions in libcrypto is
> that we should push applications to run with a UTF-8 input method
> (whether that's provided by the terminal driver, or the process
> holding the terminal, or the application itself...) rather than have
> them call setlocale() with appropriate arguments (which is needed for
> mbstowcs to work right).

The assertion is rather that we can't/shouldn't rely on the application to
call setlocale, and with an argument suitable for a specific purpose [of
accessing PKCS#12 in this case]. And since we can't do that, we would be
better off not calling mbstowcs, because it adds a variable we have no
control over. Given some specific input, it would be more honest/appropriate
to return an error to the application than to make the outcome conditional on
whether or not the application called setlocale and with which argument. One
can also view it as follows: all applications get exactly the same treatment.
Pushing applications and users toward a UTF-8 input method is merely a
consequence of the suggestion to give all applications the same treatment;
it's not an alternative by itself.
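
An added example, not part of the original message and not OpenSSL's code: a locale-independent conversion that treats input as UTF-8 and returns an error on anything else, so the outcome never depends on whether the application called setlocale. The function name `utf8_to_utf16be` and the output form (big-endian UTF-16 with a two-byte terminator, as PKCS#12 password handling uses) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Strict UTF-8 -> UTF-16BE plus two-byte terminator; never consults the locale.
 * Returns bytes written, or -1 on malformed input or a too-small buffer. */
static long utf8_to_utf16be(const unsigned char *in, size_t inlen,
                            unsigned char *out, size_t outlen)
{
    size_t i = 0, o = 0;
    while (i < inlen) {
        uint32_t cp = in[i++], min;
        int more;
        if (cp < 0x80)                { more = 0; min = 0; }
        else if ((cp & 0xE0) == 0xC0) { more = 1; min = 0x80;    cp &= 0x1F; }
        else if ((cp & 0xF0) == 0xE0) { more = 2; min = 0x800;   cp &= 0x0F; }
        else if ((cp & 0xF8) == 0xF0) { more = 3; min = 0x10000; cp &= 0x07; }
        else return -1;               /* stray continuation or invalid lead */

        while (more-- > 0) {
            if (i >= inlen || (in[i] & 0xC0) != 0x80)
                return -1;            /* truncated or broken sequence */
            cp = (cp << 6) | (in[i++] & 0x3F);
        }
        /* Reject overlong forms, surrogates and values past U+10FFFF. */
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return -1;
        if (cp >= 0x10000) {          /* emit the high surrogate first */
            uint32_t hi = 0xD800 + ((cp - 0x10000) >> 10);
            if (o + 2 > outlen) return -1;
            out[o++] = (unsigned char)(hi >> 8);
            out[o++] = (unsigned char)hi;
            cp = 0xDC00 + ((cp - 0x10000) & 0x3FF);
        }
        if (o + 2 > outlen) return -1;
        out[o++] = (unsigned char)(cp >> 8);
        out[o++] = (unsigned char)cp;
    }
    if (o + 2 > outlen) return -1;
    out[o++] = 0; out[o++] = 0;       /* terminator */
    return (long)o;
}

int main(void)
{
    unsigned char buf[16];            /* constructed sample input below */
    printf("%ld\n", utf8_to_utf16be((const unsigned char *)"p\xC3\xA4ss", 5, buf, sizeof(buf)));
    return 0;
}
```

A password typed as Latin-1 (a lone 0xE4 byte for "ä") is rejected here in every process, whereas a setlocale/mbstowcs path would accept or reject it depending on the caller's locale.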
