mongosh version 2.8.1 unable to decrypt private key with special characters in password


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.8.1
    • Component/s: CLI Module
    • None
    • Environment:
      OS: Debian 12.X
      mongosh version 2.8.1
    • 1
    • None
    • Developer Tools

      Problem Statement/Rationale

      mongosh version 2.8.1 unable to decrypt private key with special characters in password


      mongodb@376f577a0a75:/$ mongosh --version
      2.8.1
      mongodb@376f577a0a75:/$ mongosh "mongodb://mongodb-1.internal:27017,mongodb-2.internal:27017" --tls --tlsCAFile /etc/ssl/certs/mongoca.pem --tlsCertificateKeyFile /etc/ssl/certs/public_private.pem --authenticationMechanism MONGODB-X509 --authenticationDatabase='$external'
      Enter TLS key file password: ************
      Current Mongosh Log ID: 69ccf33da6992e32b2d805da
      Connecting to:          mongodb://mongodb-1.internal:27017,mongodb-2.internal:27017/?tls=true&tlsCAFile=%2Fetc%2Fssl%2Fcerts%2Fmongoca.pem&tlsCertificateKeyFile=%2Fetc%2Fssl%2Fcerts%2Fpublic_private.pem&authMechanism=MONGODB-X509&authSource=%24external&appName=mongosh+2.8.1&tlsCertificateKeyFilePassword=<credentials>
      MongoServerSelectionError: error:1C800064:Provider routines::bad decrypt
      

      Steps to Reproduce

      How could an engineer rep

      Create the tlsCertificateKeyFile 
      
      # Create a Key with password as password1
      
      openssl genrsa -aes256 -out private_key.pem 2048 
      Enter PEM pass phrase:
      Verifying - Enter PEM pass phrase:
      
      # Create a CSR and get the certificate from the Mongo CA
      
      Create a combined tlsCertificateKeyFile 
      # Try Login
      mongosh "mongodb://mongodb-1.internal:27017,mongodb-2.internal:27017" --tls --tlsCAFile /etc/ssl/certs/mongoca.pem --tlsCertificateKeyFile /etc/ssl/certs/public_private.pem --authenticationMechanism MONGODB-X509 --authenticationDatabase='$external'
      Enter TLS key file password: <password is password1> 
      
      This works. 
      
      # Create a Key with password as password@1
      Repeat the same steps to create the cert and combined tlsCertificateKeyFile 
      
      mongosh "mongodb://mongodb-1.internal:27017,mongodb-2.internal:27017" --tls --tlsCAFile /etc/ssl/certs/mongoca.pem --tlsCertificateKeyFile /etc/ssl/certs/public_private.pem --authenticationMechanism MONGODB-X509 --authenticationDatabase='$external'
      Enter TLS key file password: <password is password@1> 
      
      This will FAIL with
      MongoServerSelectionError: error:1C800064:Provider routines::bad decrypt
      
      Also, 
      if I pass --tlsCertificateKeyFilePassword password@1 it works
      
      mongosh "mongodb://mongodb-1.internal:27017,mongodb-2.internal:27017" --tls --tlsCAFile /etc/ssl/certs/mongoca.pem --tlsCertificateKeyFile /etc/ssl/certs/public_private.pem --authenticationMechanism MONGODB-X509 --authenticationDatabase='$external' --tlsCertificateKeyFilePassword password@1 
      
      
      

       

      Expected Results

      Should be able to have special characters in the password

      Actual Results

       

      Additional Notes


            Assignee:
            Unassigned
            Reporter:
            Jnana A
            Votes:
            0
            Watchers:
            3

              Created:
              Updated: