[openssl-project] To use or not use the iconv API, and to use or not use other libraries

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jun 7 15:56:00 UTC 2018

> On Jun 7, 2018, at 11:19 AM, Richard Levitte <levitte at openssl.org> wrote:
> Regarding general use of other libraries, please think carefully before voting, 'cause this *is* tricky. If you have a look, you will see that we *currently* depend on certain standard libraries, such as, for example, libdl. And perhaps we should also mention the pile of libraries used with windows.
> In my mind, this makes that more general vote ridiculous, but the matter was brought up to me, and I wasn't going to ignore it, no matter what my personal feelings are.

My concern is not so much whether a dependency on libiconv in libcrypto
should be allowed, but rather wether we actually need it.  I rather
think that all codepage conversions should be the application's job.

Thus, it is OK for *apps* where we prompt for passwords to support
conversion to UTF-8, perhaps via libiconv.  So I see /usr/bin/openssl
linked against the iconv API (which is, for example, in libc on NetBSD
and FreeBSD, and does not require a separate library).  We probably
require libiconv for "openssl pkcs12" to work correctly, but the
dependency should IMHO be in apps not libcrypto.


More information about the openssl-project mailing list