Closed jeffsue closed 4 years ago
jeroen
commented
4 years ago Hmm do you know what kind of format your cert / key is in? Is it a regular rsa key? In R you can do:
library(openssl)
read_cert("yourfile.crt")
read_key("yourkey.pem")And that should show you the key details (format, size).
jeffsue
commented
4 years ago [4096-bit rsa private key] md5: 1a9d299b1a330ad29df5c58ee1419fe5
The original read_key appears to work fine. The error happens when the key is being extracted from the combined cert/key encrypted file that mongolite creates.
jeroen
commented
4 years ago Right, the key seems to be in a format that MacOS does not support. I'm not sure if the nodejs driver uses native macOS SSL backend or OpenSSL.
I'll try to setup a mongo ssl server to test this.
jeroen
commented
4 years ago If you can create a dummy account on your server for me, that would also be really helpful.
jeroen
commented
4 years ago Should be fixed in mongolite 2.2.0 (on cran now).
Environment is mac catalina OS using RStudio. Error is: Warning: [ERROR] Failed importing PEM '/var/folders/hy/vzsydqy95jx2dm6xpc16n8k40000gp/T//Rtmpp36ZlC/file14204350f86f0' (code: -25257)
I was able to connect remotely with the same cert/key files using a nodejs library, so I believe the key and certificate are valid.
The error printout comes from mongolite/src/mongoc/mongoc-secure-transport.c, line 276. The error code is an Apple security code error: errSecUnknownFormat | -25257 | Unknown format in import.
As far as I can tell, mongolite reads the key and cert, then combines them into a temp file and encrypts it. This error is being generated when it's trying to read back that file. The temp file does exist, but I can't run command line openssl functions on it because it's encrypted.