[openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

Kurt Roeckx kurt at roeckx.be
Fri Jun 1 21:51:22 UTC 2018

On Fri, Jun 01, 2018 at 01:20:17PM -0500, Benjamin Kaduk wrote:
> On Fri, Jun 01, 2018 at 12:23:39PM +0000, Salz, Rich wrote:
> > >    I think that the gist of the difference of opinion is whether it's OK
> >     to use locale dependent functions such as mbstowcs in libcrypto or
> >     not.
> >   
> > 
> > Thanks for the summary.
> > 
> > I am against use locale-dependent functions in libcrypto. 
> I think it's pretty clear (at least to me), that such functions do
> not belong in the normal path.  I'd be open to considering them as a
> fallback attempt to read existing data (as opposed to generating new
> encrypted data), but find Andy's argument about nonpredictability
> (combined with David Woodhouse's enumeration of the various cases
> and the minimal utility of such conversions) to be fairly
> compelling.  That is, I am also against the use of functions that
> depend on the current process's locale in libcrypto.  (I phrase this
> slightly differently, in that functions which take an explicit
> locale to use might still be okay, but are not really portable
> enough for us to use, AIUI.)

So it's my understanding that the library functionw will always
work in UTF-8 then, that's just fine for me.

That would then just mean that the apps need to do the correct
thing and convert it to UTF-8.


More information about the openssl-project mailing list