[SERVER-34742] Stop running ssl_cert_password.js on OS X Created: 29/Apr/18  Updated: 29/Oct/23  Resolved: 30/Apr/18

Status: Closed
Project: Core Server
Component/s: Security, Testing Infrastructure
Affects Version/s: None
Fix Version/s: 3.4.16, 3.6.5, 4.0.0-rc0

Type: Task Priority: Major - P3
Reporter: Max Hirschhorn Assignee: Max Hirschhorn
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
is related to TOOLS-1948 Use Go-native TLS dialer on platforms... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v3.6, v3.4
Sprint: TIG 2018-05-07
Participants:
Linked BF Score: 43

 Description   

As mentioned in https://github.com/golang/go/issues/8860, golang doesn't support parsing PKCS#8 encrypted private keys despite it being the default format since OpenSSL 1.0.0. The changes from TOOLS-1948 have dropped support for using OpenSSL 0.9.x in favor of using golang's crypto/tls package.

Converting jstests/libs/password_protected.pem from a PKCS#8 encrypted private key shouldn't cause a loss in test coverage because the JavaScript tests which use jstests/libs/password_protected.pem care only that a password is required and not what mechanism was used for the encryption. There isn't an encrypted private key format that is supported by the mongo shell, the server, and the mongo tools across all platforms.



 Comments   
Comment by Githook User [ 24/Jun/18 ]

Author:

{'username': 'visemet', 'name': 'Max Hirschhorn', 'email': 'max.hirschhorn@mongodb.com'}

Message: SERVER-34742 Stop running ssl_cert_password.js on OS X.

The mongo tools do not support parsing PKCS#8 encrypted private keys
when not using OpenSSL.

(cherry picked from commit 5cdc5876102d8f3280d76cc5d0d43a5bf52e7811)
Branch: v3.4
https://github.com/mongodb/mongo/commit/7240c4719f9b68955225d9abb2e5eb10bf8c0227

Comment by Githook User [ 01/May/18 ]

Author:

{'email': 'max.hirschhorn@mongodb.com', 'name': 'Max Hirschhorn', 'username': 'visemet'}

Message: SERVER-34742 Stop running ssl_cert_password.js on OS X.

The mongo tools do not support parsing PKCS#8 encrypted private keys
when not using OpenSSL.

(cherry picked from commit 5cdc5876102d8f3280d76cc5d0d43a5bf52e7811)
Branch: v3.6
https://github.com/mongodb/mongo/commit/1f82d402517a6f45a3fb468f2ac0de9b266d79fd

Comment by Githook User [ 01/May/18 ]

Author:

{'email': 'max.hirschhorn@mongodb.com', 'name': 'Max Hirschhorn', 'username': 'visemet'}

Message: SERVER-34742 Stop running ssl_cert_password.js on OS X.

The mongo tools do not support parsing PKCS#8 encrypted private keys
when not using OpenSSL.
Branch: master
https://github.com/mongodb/mongo/commit/5cdc5876102d8f3280d76cc5d0d43a5bf52e7811

Comment by Githook User [ 01/May/18 ]

Author:

{'email': 'max.hirschhorn@mongodb.com', 'username': 'visemet', 'name': 'Max Hirschhorn'}

Message: SERVER-34742 Stop running ssl_cert_password.js on OS X.

The mongo tools do not support parsing PKCS#8 encrypted private keys
when not using OpenSSL.

(cherry picked from commit 5cdc5876102d8f3280d76cc5d0d43a5bf52e7811)
Branch: v3.6
https://github.com/mongodb/mongo/commit/1f82d402517a6f45a3fb468f2ac0de9b266d79fd

Comment by Githook User [ 30/Apr/18 ]

Author:

{'email': 'max.hirschhorn@mongodb.com', 'username': 'visemet', 'name': 'Max Hirschhorn'}

Message: SERVER-34742 Stop running ssl_cert_password.js on OS X.

The mongo tools do not support parsing PKCS#8 encrypted private keys
when not using OpenSSL.
Branch: master
https://github.com/mongodb/mongo/commit/5cdc5876102d8f3280d76cc5d0d43a5bf52e7811

Generated at Thu Feb 08 04:37:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.