Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

"Salz, Rich" skrev: (11 juni 2018 18:54:37 CEST) >>Except that, because of the way PKCS12_gen_mac() works, this isn't >true. If the input pass phrase looks like a UTF-8 encoded string > (because there are valid characters in other encodings that will like > like UTF-8 byte sequences),

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

>Except that, because of the way PKCS12_gen_mac() works, this isn't true. If the input pass phrase looks like a UTF-8 encoded string (because there are valid characters in other encodings that will like like UTF-8 byte sequences), it will be used as if -passutf8 was given inste

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

In message on Mon, 11 Jun 2018 16:17:33 +, Bernd Edlinger said: bernd.edlinger> So in my opinion when entering new passwords it should be restricted to bernd.edlinger> 7bit ASCII printable characters, except if advised otherwise by an bernd.edlinger> option like -pass8bit. That's Rich'

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

In message <5ba62036-bd2e-41b7-adf9-25c6c116e...@akamai.com> on Mon, 11 Jun 2018 16:03:48 +, "Salz, Rich" said: rsalz> >I have zero idea what the doc says, because I haven't seen the docs rsalz> yet. Did I miss the PR? rsalz> rsalz> No. It's posted here on the mailing list for d

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

On 06/11/18 17:40, Richard Levitte wrote: > In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun > 2018 15:25:23 +, "Salz, Rich" said: > > rsalz> >*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode > of > rsalz> the input pass phrase string. PKC

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

>I have zero idea what the doc says, because I haven't seen the docs yet. Did I miss the PR? No. It's posted here on the mailing list for discussion and reposted here: +=item B<-passutf8>, B<-pass8bit> + +These flags indicate the character set encoding on the password value. +By defa

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

In message <80d24b14-f73b-4258-b9ee-bb96f95bd...@akamai.com> on Mon, 11 Jun 2018 15:46:38 +, "Salz, Rich" said: rsalz> And the docs for this *new flag* explain that the behavior could change in the future. I have zero idea what the doc says, because I haven't seen the docs yet. Did I miss

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun 2018 15:25:23 +, "Salz, Rich" said: rsalz> >*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of rsalz> the input pass phrase string. PKCS12_generate_mac() will then decode rsalz> rsalz> I

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

>However, what's going to happen is that PKCS12_gen_mac() will generate this for a BMPString: Which is what we do now, right? And the docs for this *new flag* explain that the behavior could change in the future. To be "pass8bit" means "pass 8bit bytes through to lower layer" But if

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun 2018 15:25:23 +, "Salz, Rich" said: rsalz> >*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of rsalz> the input pass phrase string. PKCS12_generate_mac() will then decode rsalz> rsalz> I

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

>*must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of the input pass phrase string. PKCS12_generate_mac() will then decode I disagree. There are two reasons why users enter "illegal" passwords now, and by now requiring them to make it explicit we can (a) check only for

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

In message on Mon, 11 Jun 2018 15:06:01 +, "Salz, Rich" said: rsalz> > If B<-pass8bit> is given, the password is taken to be encoded in the current rsalz> > locale, but is still used directly. rsalz> > A future release might automatically convert the password to valid UTF-8 rs

Re: [openssl-project] [openssl-omc] stepping down from OMC

* I'm leaving the project. https://www.youtube.com/watch?v=YtsZoIe3Czk You have a great deal to be proud of, and OpenSSL is much better for the time you spent here. We will miss you. I will miss you. ___ openssl-project mailing list openssl-proj

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

> If B<-pass8bit> is given, the password is taken to be encoded in the current > locale, but is still used directly. > A future release might automatically convert the password to valid UTF-8 > encoding if this flag is given. I would propose that "-pass8bit" means that eac

Re: [openssl-project] To use or not use the iconv API, and to use or not use other libraries

And also: having *runtime* dependencies means that a pkcs12 password file generated on one system could not be used on another. I am strongly opposed to introducing that variance, especially in a "compatible" release. ___ openssl-project mailing lis