[openssl-project] To use or not use the iconv API, and to use or not use other libraries
Richard Levitte
levitte at openssl.org
Thu Jun 7 19:35:01 UTC 2018
"Salz, Rich" <rsalz at akamai.com> skrev: (7 juni 2018 21:29:40 CEST)
>> My main concern is that currently, openssl pkcs12 may create
>broken pkcs12 files (because it misinterprets the pass phrase when
>constructing a BMPString), and doesn't notify the user at all (doesn't
>even check).
>
>
>For those who haven't reada the PR and all its comments, I propose that
>we reject non-ASCII input unless one of two flags is set. This
>prevents us from unknowingly making the situation worse, and does not
>break interop with our installed base.
So even rejecting correctly encoded utf-8?
--
Skickat från min Android-enhet med K-9 Mail. Ursäkta min fåordighet.
More information about the openssl-project
mailing list