[SERVER-10346] User prompted for PEM passphrase twice when using SSLPEMKeyFile option
Created: 26/Jul/13  Updated: 20/Jul/20  Resolved: 29/Oct/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.1
Fix Version/s: 4.1.5

Type: Bug
Priority: Major - P3
Reporter: Spencer Jackson
Assignee: Spencer Jackson
Resolution: Done
Votes: 0
Labels: platforms_security

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

./mongod --sslOnNormalPorts --sslPEMKeyFile certwithprivkey.pem

Sprint: Platforms 2017-07-10, Platforms 2017-07-31, Security 2018-10-08, Security 2018-10-22, Security 2018-11-05

 Description   

If starting a mongod/s with --sslPEMKeyFile but without --sslPEMKeyPassword, the user is prompted for the password twice, for the incoming and outgoing connections.



 Comments   
Comment by Githook User [ 29/Oct/18 ]

Author: Spencer Jackson <spencer.jackson@mongodb.com> (spencerjackson)

Message: SERVER-10346: Prevent multiple PEM password prompts
Branch: master
https://github.com/mongodb/mongo/commit/5dc48b8b8b04be74ac508ce6cf3c043941a123c1

Comment by Andreas Nilsson [ 11/Aug/14 ]

Look into using EVP_read_pw_string()

Comment by Andreas Nilsson [ 26/Jul/13 ]

Alternative solutions:

  • Extract the pw from the SSL object if possible, very unlikely.
  • Clone the SSL context and replace the certificate.
  • Prompt for the password ourselves instead of letting OpenSSL do it for us.
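
The third alternative above (prompt ourselves, once, and hand the result to OpenSSL) can be sketched as follows. This is an added example, not the code from the linked commit: the callback has the signature of OpenSSL's pem_password_cb and would be registered on both the incoming and outgoing contexts with SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata(). All names (pem_pw_cache, cached_pem_password_cb, demo_prompt) are hypothetical, and the interactive prompt is replaced by a constructed stub so the block runs offline.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical prompt hook: fills buf, returns length or <0 on error.
 * A real server could wrap EVP_read_pw_string() here. */
typedef int (*prompt_fn)(char *buf, int size);

struct pem_pw_cache {
    prompt_fn prompt;
    char pw[256];
    int len;      /* -1 until the operator has been asked */
    int prompts;  /* how many times the operator was actually prompted */
};

void pem_pw_cache_init(struct pem_pw_cache *c, prompt_fn prompt) {
    memset(c, 0, sizeof *c);
    c->prompt = prompt;
    c->len = -1;
}

/* Same shape as pem_password_cb; userdata is the cache shared by all contexts. */
int cached_pem_password_cb(char *buf, int size, int rwflag, void *userdata) {
    struct pem_pw_cache *c = userdata;
    (void)rwflag;  /* only key decryption matters in this example */
    if (c == NULL || buf == NULL || size <= 0) return -1;
    if (c->len < 0) {  /* first context to load the key triggers the prompt */
        int n = c->prompt(c->pw, (int)sizeof c->pw);
        c->prompts++;
        if (n < 0 || n > (int)sizeof c->pw) return -1;
        c->len = n;
    }
    if (c->len > size) return -1;  /* never return a truncated passphrase */
    memcpy(buf, c->pw, (size_t)c->len);
    return c->len;
}

/* Wipe the cached passphrase once every context has loaded its key. */
void pem_pw_cache_clear(struct pem_pw_cache *c) {
    volatile char *p = c->pw;
    for (size_t i = 0; i < sizeof c->pw; i++) p[i] = 0;
    c->len = -1;
}

/* Constructed stand-in for the interactive prompt. */
int demo_prompt(char *buf, int size) {
    const char *pw = "example-passphrase";  /* constructed sample value */
    int n = (int)strlen(pw);
    if (n > size) return -1;
    memcpy(buf, pw, (size_t)n);
    return n;
}
```

The cache lives only as long as startup needs it; call pem_pw_cache_clear() after the last context has loaded the key so the passphrase does not linger in process memory.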