[openssl-project] To use or not use the iconv API, and to use or not use other libraries
Richard Levitte
levitte at openssl.org
Thu Jun 7 18:39:09 UTC 2018
In message <B2EA5A3F-D05E-489C-B480-11FF8CADAC97 at dukhovni.org> on Thu, 7 Jun 2018 11:56:00 -0400, Viktor Dukhovni <openssl-users at dukhovni.org> said:
openssl-users>
openssl-users>
openssl-users> > On Jun 7, 2018, at 11:19 AM, Richard Levitte <levitte at openssl.org> wrote:
openssl-users> >
openssl-users> > Regarding general use of other libraries, please
openssl-users> > think carefully before voting, 'cause this *is*
openssl-users> > tricky. If you have a look, you will see that we
openssl-users> > *currently* depend on certain standard libraries,
openssl-users> > such as, for example, libdl. And perhaps we should
openssl-users> > also mention the pile of libraries used with
openssl-users> > windows.
openssl-users> >
openssl-users> > In my mind, this makes that more general vote
openssl-users> > ridiculous, but the matter was brought up to me, and
openssl-users> > I wasn't going to ignore it, no matter what my
openssl-users> > personal feelings are.
openssl-users>
openssl-users> My concern is not so much whether a dependency on libiconv in libcrypto
openssl-users> should be allowed, but rather wether we actually need it. I rather
openssl-users> think that all codepage conversions should be the application's job.
openssl-users>
openssl-users> Thus, it is OK for *apps* where we prompt for passwords to support
openssl-users> conversion to UTF-8, perhaps via libiconv. So I see /usr/bin/openssl
openssl-users> linked against the iconv API (which is, for example, in libc on NetBSD
openssl-users> and FreeBSD, and does not require a separate library). We probably
openssl-users> require libiconv for "openssl pkcs12" to work correctly, but the
openssl-users> dependency should IMHO be in apps not libcrypto.
Yup, and I did hear you in that other thread. Your argument about
having OSSL_STORE be at liberty to *expect* UTF-8 without having to
check for it made sense to me, and I did move the check and possible
conversion to the application (i.e. 'openssl pkcs12'). That's what
the PR I pointed at is all about.
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-project
mailing list