On Mon, Aug 14, 2017 at 2:36 PM, David Woodhouse <dwmw2 at infradead.org> wrote: > I actually had a fix for that lying around in my tree for a while; have > finally pushed it now. Thanks! > > I note that the auth-nonascii test still fails on Ubuntu 16.04, as even > in the trivial case of the default UTF-8 (in my case en_GB) locale, > GnuTLS won't open the file: > > Using certificate file ./certs/user-key-nonascii-password.p12 > Failed to process PKCS#12 file: The given password contains invalid characters. Works ok here with 3.5.x. However note that you are using PKCS#12 with AES, meaning that you are using PKCS#5 which is not well defined with other than ASCII passwords. I think versions before 3.5.x will refuse to accept such passwords as I considered that to be the safe approach with the under-defined standard. In later versions gnutls will follow: https://tools.ietf.org/html/draft-mavrogiannopoulos-pkcs5-passwords-01 (you're co-author :) But I still worry that no other library follows that path. regards, Nikos
