Hi, > I use the openssl 1.0.2d. > > There is a commented out definition of the PBE_UNICODE define in the > file pkcs12.h > I expected it to be necessary for correct processing of the Cyrillic > symbols in PKCS12 passwords, but my test shows that the password is > correctly processed when the PBE_UNICODE is undefined and locale is set > to ru_RU.utf8. > > Do I miss something or this variable and corresponding #ifdef may be > eliminated?
What is "correctly"? PKCS12 is about interoperability and just because it's consistent with itself doesn't automatically mean it's actually interoperable. The way I read PKCS12 the string should be big-endian UTF-16 one. But what happens now? The string simply gets expanded as if it was plain ASCII. But is it right for UTF8 string that you're surely passing? No, correct procedure should be to convert it to wchar_t and then ensure correct endianness. In other words attempt to pass non-ASCII string at command line or prompt would not do the right thing. But it should also be recognized that deploying mbrtowc in _asc would only be part of the solution. Because interoperability is also about multiple operating systems. I mean we have to consider what happens on other OS, e.g. Windows. And on Windows it's even worse. As it stands now even passing non-ASCII strings as command-line argument [and presumably at prompt] is not an option. Bottom line is that one has to draw conclusion that non-ASCII characters are effectively not supported in pkcs12 utility. Regardless locale. Application programmer can get it right by sticking to _uni interface and performing due conversion to big-endian UTF-16 in own application. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev