"Salz, Rich" skrev: (11 juni 2018 18:54:37 CEST)
>>Except that, because of the way PKCS12_gen_mac() works, this isn't
>true. If the input pass phrase looks like a UTF-8 encoded string
> (because there are valid characters in other encodings that will like
> like UTF-8 byte sequences),
>Except that, because of the way PKCS12_gen_mac() works, this isn't
true. If the input pass phrase looks like a UTF-8 encoded string
(because there are valid characters in other encodings that will like
like UTF-8 byte sequences), it will be used as if -passutf8 was given
inste
In message
on Mon, 11 Jun 2018 16:17:33 +, Bernd Edlinger
said:
bernd.edlinger> So in my opinion when entering new passwords it should be
restricted to
bernd.edlinger> 7bit ASCII printable characters, except if advised otherwise by
an
bernd.edlinger> option like -pass8bit.
That's Rich'
In message <5ba62036-bd2e-41b7-adf9-25c6c116e...@akamai.com> on Mon, 11 Jun
2018 16:03:48 +, "Salz, Rich" said:
rsalz> >I have zero idea what the doc says, because I haven't seen the docs
rsalz> yet. Did I miss the PR?
rsalz>
rsalz> No. It's posted here on the mailing list for d
On 06/11/18 17:40, Richard Levitte wrote:
> In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun
> 2018 15:25:23 +, "Salz, Rich" said:
>
> rsalz> >*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode
> of
> rsalz> the input pass phrase string. PKC
>I have zero idea what the doc says, because I haven't seen the docs
yet. Did I miss the PR?
No. It's posted here on the mailing list for discussion and reposted here:
+=item B<-passutf8>, B<-pass8bit>
+
+These flags indicate the character set encoding on the password value.
+By defa
In message <80d24b14-f73b-4258-b9ee-bb96f95bd...@akamai.com> on Mon, 11 Jun
2018 15:46:38 +, "Salz, Rich" said:
rsalz> And the docs for this *new flag* explain that the behavior could change
in the future.
I have zero idea what the doc says, because I haven't seen the docs
yet. Did I miss
In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun
2018 15:25:23 +, "Salz, Rich" said:
rsalz> >*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of
rsalz> the input pass phrase string. PKCS12_generate_mac() will then decode
rsalz>
rsalz> I
>However, what's going to happen is that PKCS12_gen_mac() will generate
this for a BMPString:
Which is what we do now, right?
And the docs for this *new flag* explain that the behavior could change in the
future.
To be "pass8bit" means "pass 8bit bytes through to lower layer" But if
In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun
2018 15:25:23 +, "Salz, Rich" said:
rsalz> >*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of
rsalz> the input pass phrase string. PKCS12_generate_mac() will then decode
rsalz>
rsalz> I
>*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of
the input pass phrase string. PKCS12_generate_mac() will then decode
I disagree.
There are two reasons why users enter "illegal" passwords now, and by now
requiring them to make it explicit we can (a) check only for
In message on Mon, 11 Jun
2018 15:06:01 +, "Salz, Rich" said:
rsalz> > If B<-pass8bit> is given, the password is taken to be encoded in
the current
rsalz> > locale, but is still used directly.
rsalz> > A future release might automatically convert the password to valid
UTF-8
rs
* I'm leaving the project.
https://www.youtube.com/watch?v=YtsZoIe3Czk
You have a great deal to be proud of, and OpenSSL is much better for the time
you spent here. We will miss you. I will miss you.
___
openssl-project mailing list
openssl-proj
> If B<-pass8bit> is given, the password is taken to be encoded in the
current
> locale, but is still used directly.
> A future release might automatically convert the password to valid UTF-8
> encoding if this flag is given.
I would propose that "-pass8bit" means that eac
And also: having *runtime* dependencies means that a pkcs12 password file
generated on one system could not be used on another. I am strongly opposed to
introducing that variance, especially in a "compatible" release.
___
openssl-project mailing lis
15 matches
Mail list logo