Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-2480

(SSL)windows secure Channel doesn't allow pemkeyfile has password

    • Type: Icon: Bug Bug
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 1.7.0
    • Component/s: libmongoc, tls
    • None

      if I compile the c driver with "-DENABLE_SSL=WINDOWS" (windows secure Channel), connection would be failed if the client pem key file has password.
      the error info of log:
      ****************************************************
      [error@stream-secure-channel] Failed to parse private key. ASN1 bad tag value me
      t.
      (0x8009310B)
      [warning@stream-secure-channel] a client certificate has been requested
      ****************************************************

      note:
      1. I create the private key for the pem file with this command: openssl genrsa -des3 -out server.key 2048 , and then input password : 1234
      using mongo.exe , I can connect with the same pem file and password from my own working computer successfully:
      mongo --host 10.154.10.39 --ssl --authenticationDatabase admin --username user1 -p 123 --sslCAFile d:/ca.pem --sslPEMKeyFile d:/cry.pem --sslPEMKeyPassword 1234
      however, if my program uses the mongocxx driver, always get failed.

      2. if I use the driver which is compiled with "-DENABLE_SSL=OPENSSL", this issue dissapears.

      3. my c++ program source code:
      const auto uri = mongocxx::uri

      { "mongodb://user1:123@10.154.10.39:27017/?authSource=admin&ssl=true" }

      ;
      mongocxx::options::client client_options;
      if (uri.ssl())

      { mongocxx::options::ssl ssl_options; ssl_options.pem_file("d:/cry.pem"); ssl_options.pem_password("1234"); ssl_options.ca_file("d:/ca.pem"); client_options.ssl_opts(ssl_options); }

      ....

            Assignee:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Reporter:
            winnie_quest winnie_quest
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: