I'm having an issue using a p12 without a password, while a cert that has been exported with a password works as expected, trying to create an identity with a p12 without a password throws an incorrect password error:
TlsError { MAC verification failed during PKCS12 import (wrong password?) }
I tried providing an empty password with the same results, maybe I'm missing something, would like some assistance.
Export a p12 without a password and try to run this code
:
use std::path::PathBuf;
use anyhow::Result;
use mysql::{prelude::Queryable, ClientIdentity, Opts, OptsBuilder, Pool, Row, SslOpts};
use tracing::debug;
#[tokio::main]
async fn main() -> Result<()> {
tracing_subscriber::fmt::init();
let identity = ClientIdentity::new(PathBuf::from(
"/Users/dev/certs/client.p12",
))
let ssl_opts = SslOpts::default()
.with_client_identity(Some(identity))
.with_danger_accept_invalid_certs(true);
let builder = OptsBuilder::new()
.ip_or_hostname(Some("localhost"))
.tcp_port(3306)
.user(Some("root"))
.pass(Some("example"))
.db_name(Some("world"))
.tcp_connect_timeout(Some(std::time::Duration::from_secs(15)))
.ssl_opts(ssl_opts);
let opts = Opts::from(builder);
let pool = Pool::new(opts)?;
let mut conn = pool.get_conn()?;
let results: Vec<Row> = conn.query("SELECT * FROM city limit 1")?;
debug!("results: {:?}", results);
Ok(())
}
While changing the identity to provide a password works as expected
let identity = ClientIdentity::new(PathBuf::from(
"/Users/dev/certs/client-1234.p12",
)).with_password("1234");
invm
commented
9 months ago
Hi,
I'm having an issue using a p12 without a password, while a cert that has been exported with a password works as expected, trying to create an identity with a p12 without a password throws an incorrect password error:
I tried providing an empty password with the same results, maybe I'm missing something, would like some assistance.
Export a p12 without a password and try to run this code :
While changing the identity to provide a password works as expected