[openssl-project] To use or not use the iconv API, and to use or not use other libraries
rsalz at akamai.com
Thu Jun 7 14:50:57 UTC 2018
I see you already started the votes. No time for discussion?
I think OpenSSL should be a "fundamental" system library. Perhaps the apps are different, but it should not require new libraries but could use them if available -- either at run-time or via config/build.
I think iconv in particular is a bad thing to require at this time, in a 1.1.1 release. It's not clear to me that it meets our API/ABI compatibility guarantee. I also dislike iconv because of its size, the fact that it is a gross collection of hacks -- not its fault, it's the nature of charsets -- and that it is not universal. This means that apps that "do the right thing" on some platforms, will FAIL to do so on opthers.
It is very very late in the release process to be adding a new dependency.
Finally, I believe that for this particular issue, we can add an API that enables applications to do the right thing, and we can add flags and warnings to the command-line that make it more clear when a user isn't doing the right thing (such as because they have existing files they need to read).
On 6/7/18, 8:04 AM, "Richard Levitte" <levitte at openssl.org> wrote:
This PR has been blocked, forcing a vote:
Background: we have been sloppy when producing PKCS#12 files, creating
objects that aren't interoperable. This can only happen with non-UTF8
input methods, so this PR adds a higher level of control in the
openssl application, so that it will do the best it can to make sure a
pass phrase encoded with something other than UTF-8 gets correctly
re-encoded, and failing that, try and make the user aware that they
are about to create a non-interoperable object. This triggered the
use of the iconv API, and in the case of Mac OS/X, the use of the
separate libiconv library.
I'm going to make this into two votes, as both topics have come out
because of this.
1. A vote about general use of other libraries, limited to standard
system libraries, which may be platform dependent (I expect
libiconv on Mac OS/X to be such a library)
2. A vote about the use of the iconv API
Please discuss here, no in the vote threads.
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
openssl-project mailing list
openssl-project at openssl.org
More information about the openssl-project