[GODRIVER-722] Document lack of support for invalid encoding of client X509 PEM files

Created: 18/Dec/18
Updated: 01/Aug/22
Resolved: 01/Aug/22

Status: Closed
Project: Go Driver
Component/s: Documentation
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Minor - P4
Reporter: David Golden
Assignee: Unassigned
Resolution: Won't Do
Votes: 0
Labels: techdebt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Description

Go's crypto library is stricter than other libraries in how it decodes PEM files. In particular, some libraries in the wild are known to generate PEM files with "non minimally-encoded integers". The Go driver will error consuming such files with the message "tls: failed to parse private key". (Several such keys exist in the mongo-tools and MongoDB server repository, which is how I discovered this issue.)

Because these client PEM files work fine with more lax TLS libraries like OpenSSL, users might be confused/surprised/frustrated that they work elsewhere but fail to work with the Go driver. We should document this as a known issue.

Reference: issue#17279
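
A way to spot the encoding described above before handing a key file to the driver, as an added example (not code from the Go driver or from Go's standard library): it walks the DER inside a PEM block and reports the offset of every INTEGER that carries a redundant leading 0x00 or 0xFF byte, which is what "non-minimally-encoded" means in DER. The names `nonMinimalInts`, `constructedKey` and `errDER` are hypothetical, the sample bytes are constructed, and the walker assumes single-byte tags and lengths of at most three bytes.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
)

// nonMinimalInts walks the DER TLVs in b and returns offsets (base = offset of
// b in the whole blob) of INTEGERs with a redundant leading 0x00 or 0xFF byte.
func nonMinimalInts(b []byte, base int) ([]int, error) {
	var bad []int
	for i := 0; i < len(b); {
		if len(b)-i < 2 {
			return bad, errDER
		}
		tag, n, hdr := b[i], int(b[i+1]), 2
		if k := n & 0x7f; n >= 0x80 { // long form: k length bytes follow
			if k == 0 || k > 3 || len(b)-i < 2+k {
				return bad, errDER
			}
			n, hdr = 0, 2+k
			for _, c := range b[i+2 : i+hdr] {
				n = n<<8 | int(c)
			}
		}
		if len(b)-i-hdr < n {
			return bad, errDER
		}
		v := b[i+hdr : i+hdr+n]
		if tag == 0x02 && n >= 2 && (v[0] == 0x00 && v[1] < 0x80 || v[0] == 0xff && v[1] >= 0x80) {
			bad = append(bad, base+i)
		} else if tag&0x20 != 0 || tag == 0x04 { // constructed, or OCTET STRING (PKCS#8 wraps the key)
			if sub, err := nonMinimalInts(v, base+i+hdr); err == nil {
				bad = append(bad, sub...) // content that does not parse cleanly is skipped
			}
		}
		i += hdr + n
	}
	return bad, nil
}

// constructedKey is a constructed sample, not a real key: SEQUENCE { INTEGER 0, INTEGER 00 7f }.
var constructedKey = []byte{0x30, 0x07, 0x02, 0x01, 0x00, 0x02, 0x02, 0x00, 0x7f}
var errDER = errors.New("truncated or unsupported DER")

func main() {
	blk, _ := pem.Decode(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: constructedKey}))
	fmt.Println(nonMinimalInts(blk.Bytes, 0))
}
```

A non-empty result for a client key means the file needs to be re-encoded as strict DER before Go's TLS stack will load it.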

