The PR gives you the option to select the encryption method for exporting password protected pfx.
Default for password protected pfx with openssl3 is AES_256_CBC - which your xca package on 22.04 produces and which fails to import on Android, MacOS and Windows.
The xca package on 20.04 uses openssl 1.x which defaults to 3DES_CBC - which can be imported on Android, MacOS and Windows.
See the -legacy option of the current openssl-pkcs12 manpage.
Or this thread:
https://stackoverflow.com/questions/69343254/the-password-you-entered-is-incorrect-when-importing-pfx-files-to-windows-cer
which sums it up quite nicely.
This PR gives a configuration option to switch this.
I see your point in not adding options that really should be added upstream.
BUT
- I don't see reaction upstream - and I don't know if upstream is supposed to be built/tested against openssl3 (because there are openssl3 specific patches in the current .deb package).
- xca on 22.04 is broken (at least for me) as it is because I can't export anymore - which worked fine on 20.04
The patch was meant to offer just one way out of this dilemma :)
As this bug effectively breaks functionality (we ran into it by deploying a bunch of non-importable client-side .pfx to Android users which all failed to import) I wouldn't rate its importance "Low"
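
A check that can be run before shipping .pfx files, added here as an example (it is not part of the comment above or of the PR): it exports one throwaway identity with the OpenSSL defaults and again with 3DES_CBC, then reports which scheme each file uses. The subject, password and file names are constructed, and selecting 3DES through `-keypbe`/`-certpbe`/`-macalg` is this example's assumption, not necessarily what the PR does.

```bash
#!/usr/bin/env bash
# Added example; subject, password and file names are constructed test values.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='constructed-test-pass'

# Throwaway key and self-signed certificate, so there is something to export.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=pfx-test" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Export with the library defaults (AES_256_CBC on OpenSSL 3, per the comment).
export_default() {
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -passout "pass:$PASS" -out "$1"
}

# Export with 3DES_CBC for key and certificate bags and a SHA-1 MAC, as
# OpenSSL 1.x produced; this combination does not need the legacy provider.
export_3des() {
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -passout "pass:$PASS" -out "$1"
}

# Print the MAC and bag-encryption lines of a .pfx without dumping any keys.
pfx_schemes() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -info -noout 2>&1 |
        grep -E '^(MAC|PKCS7 Encrypted data|Shrouded Keybag):'
}

# "3des" if every encrypted bag uses SHA1/3DES, "other" if any bag does not,
# "unreadable" if no bag lines could be listed (wrong password, bad file).
pfx_class() {
    bags=$(pfx_schemes "$1" | grep -v '^MAC') || { echo unreadable; return; }
    if printf '%s\n' "$bags" | grep -vq 'pbeWithSHA1And3-KeyTripleDES-CBC'
    then echo other; else echo 3des; fi
}

make_identity
export_default "$WORK/default.pfx"
export_3des "$WORK/compat.pfx"
for f in default compat; do
    echo "== $f.pfx: $(pfx_class "$WORK/$f.pfx")"
    pfx_schemes "$WORK/$f.pfx"
done
```
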