auth-nonascii test fails or segfaults depending on system environment

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Mon Aug 14 06:36:15 PDT 2017

On Mon, Aug 14, 2017 at 2:36 PM, David Woodhouse <dwmw2 at> wrote:
> I actually had a fix for that lying around in my tree for a while; have
> finally pushed it now. Thanks!
> I note that the auth-nonascii test still fails on Ubuntu 16.04, as even
> in the trivial case of the default UTF-8 (in my case en_GB) locale,
> GnuTLS won't open the file:
> Using certificate file ./certs/user-key-nonascii-password.p12
> Failed to process PKCS#12 file: The given password contains invalid characters.

Works ok here with 3.5.x. However note that you are using PKCS#12 with
AES, meaning that you are using PKCS#5 which is not well defined with
other than ASCII passwords. I think versions before 3.5.x will refuse
to accept such passwords as I considered that to be the safe approach
with the under-defined standard.

In later versions gnutls will follow:
(you're co-author :)

But I still worry that no other library follows that path.


More information about the openconnect-devel mailing list