diff options
author | David Woodhouse <dwmw2@infradead.org> | 2017-05-24 12:18:14 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-05-24 22:16:06 +0200 |
commit | cff85f39e438830cb5bc8bf7cb2ed6458670c5be (patch) | |
tree | d27f0fbb6192ec550c519d000ad87d01093eba2a /doc | |
parent | 789d6dddecbc231f5c858d203aab318cf81676fd (diff) | |
download | openssl-cff85f39e438830cb5bc8bf7cb2ed6458670c5be.tar.gz |
Document that PKCS#12 functions assume UTF-8 for passwords
Part of issue #3531
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3535)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/PKCS12_newpass.pod | 12 | ||||
-rw-r--r-- | doc/man3/PKCS12_parse.pod | 9 |
2 files changed, 21 insertions, 0 deletions
diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod index b91051195f..6b22fd7280 100644 --- a/doc/man3/PKCS12_newpass.pod +++ b/doc/man3/PKCS12_newpass.pod @@ -17,6 +17,18 @@ PKCS12_newpass() changes the password of a PKCS12 structure. B<p12> is a pointer to a PKCS12 structure. B<oldpass> is the existing password and B<newpass> is the new password. +=head1 NOTES + +Each of B<oldpass> and B<newpass> is independently interpreted as a string in +the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1 +instead. + +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to UTF-8 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +L<UI_OpenSSL(3)>, for example. + =head1 RETURN VALUES PKCS12_newpass() returns 1 on success or 0 on failure. Applications can diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index 2dfa7e259b..c03c371a6e 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod @@ -29,6 +29,15 @@ The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure. +The parameter B<pass> is interpreted as a string in the UTF-8 encoding. If it +is not valid UTF-8, then it is assumed to be ISO8859-1 instead. + +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to UTF-8 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +L<UI_OpenSSL(3)>, for example. + =head1 RETURN VALUES PKCS12_parse() returns 1 for success and zero if an error occurred. |