[openssl-project] To use or not use the iconv API, and to use or not use other libraries

Richard Levitte levitte at openssl.org
Thu Jun 7 19:35:01 UTC 2018

"Salz, Rich" <rsalz at akamai.com> skrev: (7 juni 2018 21:29:40 CEST)
>>    My main concern is that currently, openssl pkcs12 may create
>broken pkcs12 files (because it misinterprets the pass phrase when
>constructing a BMPString), and doesn't notify the user at all (doesn't
>even check). 
>For those who haven't reada the PR and all its comments, I propose that
>we reject non-ASCII input unless one of two flags is set.  This
>prevents us from unknowingly making the situation worse, and does not
>break interop with our installed base.

So even rejecting correctly encoded utf-8?

Skickat från min Android-enhet med K-9 Mail. Ursäkta min fåordighet.

More information about the openssl-project mailing list