On Mon, Aug 14, 2017 at 3:36 PM, Nikos Mavrogiannopoulos <[email protected]> wrote: > On Mon, Aug 14, 2017 at 2:36 PM, David Woodhouse <[email protected]> wrote: >> I actually had a fix for that lying around in my tree for a while; have >> finally pushed it now. Thanks! >> >> I note that the auth-nonascii test still fails on Ubuntu 16.04, as even >> in the trivial case of the default UTF-8 (in my case en_GB) locale, >> GnuTLS won't open the file: >> >> Using certificate file ./certs/user-key-nonascii-password.p12 >> Failed to process PKCS#12 file: The given password contains invalid >> characters. > > Works ok here with 3.5.x. However note that you are using PKCS#12 with > AES, meaning that you are using PKCS#5 which is not well defined with > other than ASCII passwords.
I mentioned AES here because if you would have used RC4 or 3des-pkcs12 it would have been fine (yes WTF). PKCS#12 has its own OIDs for those ciphers and for them it requires UTF-16 to be used. regards, Nikos _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
