[openssl-project] To use or not use the iconv API, and to use or not use other libraries

Salz, Rich rsalz at akamai.com
Thu Jun 7 19:29:40 UTC 2018


>    My main concern is that currently, openssl pkcs12 may create broken pkcs12 files (because it misinterprets the pass phrase when constructing a BMPString), and doesn't notify the user at all (doesn't even check). 
 

For those who haven't reada the PR and all its comments, I propose that we reject non-ASCII input unless one of two flags is set.  This prevents us from unknowingly making the situation worse, and does not break interop with our installed base.



More information about the openssl-project mailing list