[openssl-project] To use or not use the iconv API, and to use or not use other libraries
openssl-users at dukhovni.org
Tue Jun 12 20:02:16 UTC 2018
> On Jun 12, 2018, at 3:39 PM, Richard Levitte <levitte at openssl.org> wrote:
>> The flags I'd like to see are:
>> -latin1: Passphrase is a stream of octets, each of which is a single unicode
>> character in the range 0-255.
> I would prefer to call it -binary or something like that... it
> certainly comes down to the same thing in practice, and should
> translate exactly to the pre-1.1.0 behaviour.
I won't quibble over the name.
>> -utf8: Passphrase is already utf-8 encoded
>> -ascii: Passphrase must be ASCII, reject inadvertent 8-bit input.
> ... and if none of these are given?
Not sure. We could opt for "-binary" by default, which is backwards
compatible, but it produces non-standard outputs, which is a disfavour
to new users. We could go with "-ascii" as a default, forcing failure
for non-ascii passwords without an explicit indication of encoding.
The second seems more appealing to me.
>> And as available:
>> -toutf8: Convert passphrase from the input encoding to UTF-8.
>> Either using the locale-specific encoding, or yet
>> another flag:
>> -encoding: A platform-specific name for the input encoding understood
>> by the system's encoding conversion library (iconv on Unix).
> If the availability of -toutf8 depends on the presumed presence of
> iconv(), then we can assume that nl_langinfo() is present as well.
> That renders -encoding unnecessary, unless you want to use it to
> override the locale-specific encoding.
The purpose is specifically to override the encoding when it is wrong
for some reason. The iconv library takes the empty string as the
locale-specific encoding, so we should not need nl_langinfo(), unless
that's known to produce better results.
More information about the openssl-project