[openssl-project] To use or not use the iconv API, and to use or not use other libraries
rsalz at akamai.com
Mon Jun 11 15:25:23 UTC 2018
> *must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of
the input pass phrase string. PKCS12_generate_mac() will then decode
There are two reasons why users enter "illegal" passwords now, and by now requiring them to make it explicit we can (a) check only for ASCII on current inputs; (b) make them thing about what they're doing and require them to specify; (c) set the expectation that something will change in the future.
More information about the openssl-project