> On Jun 7, 2018, at 11:19 AM, Richard Levitte <levi...@openssl.org> wrote:
> Regarding general use of other libraries, please think carefully before 
> voting, 'cause this *is* tricky. If you have a look, you will see that we 
> *currently* depend on certain standard libraries, such as, for example, 
> libdl. And perhaps we should also mention the pile of libraries used with 
> windows.
> In my mind, this makes that more general vote ridiculous, but the matter was 
> brought up to me, and I wasn't going to ignore it, no matter what my personal 
> feelings are.

My concern is not so much whether a dependency on libiconv in libcrypto
should be allowed, but rather wether we actually need it.  I rather
think that all codepage conversions should be the application's job.

Thus, it is OK for *apps* where we prompt for passwords to support
conversion to UTF-8, perhaps via libiconv.  So I see /usr/bin/openssl
linked against the iconv API (which is, for example, in libc on NetBSD
and FreeBSD, and does not require a separate library).  We probably
require libiconv for "openssl pkcs12" to work correctly, but the
dependency should IMHO be in apps not libcrypto.


openssl-project mailing list

Reply via email to