scylladb / scylla-cqlsh

A fork of the cqlsh code
Apache License 2.0

ssl behaviour with passphrase certs is broken #46

Closed tarzanek closed 10 months ago

tarzanek commented 10 months ago

scylla-cqlsh 6.0.11

when used with ssl:

$ .local/bin/cqlsh --ssl X.X.X.X
Enter PEM pass phrase:
Enter PEM pass phrase:
Enter PEM pass phrase:
Enter PEM pass phrase:
Enter PEM pass phrase:
Connected to XXXX at X.X.X.X:19142.
[cqlsh 6.0.11 | Scylla 2022.2.12-0.20230727.f4448d5b0265 | CQL spec 3.3.1 | Native protocol v4]
Use HELP for help.
cqlsh> Enter PEM pass phrase:

while original 2022.2.12 cqlsh works:

$ cqlsh --ssl $HOSTNAME
Enter PEM pass phrase:
Enter PEM pass phrase:
Connected to XXXX at X.X.X.X:19142.
[cqlsh 5.0.1 | Cassandra 3.0.8 | CQL spec 3.3.1 | Native protocol v4]
Use HELP for help.
cqlsh>
cqlsh> desc schema;
...

Scylla is of course enabled with SSL and certificates, client cqlshrc:

$ cat ~/.cassandra/cqlshrc
[cql]
version = 3.3.1
[connection]
hostname = X.X.X.X
port = 19142
#factory = cqlshlib.ssl.ssl_transport_factory
[ssl]
certfile = ~/TLS/root_ca.crt
validate = false
userkey = ~/TLS/scylla-server.key
usercert = ~/TLS/scylla-server.crt

local certificates are protected by a pass phrase

fruch commented 10 months ago

I can confirm I can see the same issue.

I think it's due to the fact that this now uses the shard-aware driver, which opens more connections and might open them in parallel, which kind of breaks the UI which asks for the phrase.

fruch commented 10 months ago

Switching to an SSL context seems to be working much better (even than previous versions, since it would ask for it just once).
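An added example, not taken from this thread or from the scylla-cqlsh code base, of the SSL-context approach mentioned in the last comment: the `[ssl]` section of the cqlshrc above is turned into a single `ssl.SSLContext`, and the encrypted key is loaded through a thread-safe callable that prompts once even when several connections start in parallel. The names `PassphraseOnce`, `read_ssl_options` and `build_ssl_context` are hypothetical.

```python
import configparser
import getpass
import os
import ssl
import threading

# Constructed sample mirroring the [ssl] section of the cqlshrc in the report.
SAMPLE_CQLSHRC = """
[ssl]
certfile = ~/TLS/root_ca.crt
validate = false
userkey = ~/TLS/scylla-server.key
usercert = ~/TLS/scylla-server.crt
"""

class PassphraseOnce:
    """Callable for load_cert_chain(password=...): prompts once, then caches."""
    def __init__(self, prompt=getpass.getpass):
        self._prompt, self._lock, self._value = prompt, threading.Lock(), None
        self.prompts = 0

    def __call__(self):
        with self._lock:  # parallel callers wait here instead of prompting again
            if self._value is None:
                self.prompts += 1
                self._value = self._prompt("Enter PEM pass phrase: ")
            return self._value

def read_ssl_options(text):
    """Return the [ssl] section as a dict with ~ expanded in file paths."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    opts = dict(cp["ssl"])
    for key in ("certfile", "userkey", "usercert"):
        if key in opts:
            opts[key] = os.path.expanduser(opts[key])
    opts["validate"] = cp["ssl"].getboolean("validate", fallback=True)
    return opts

def build_ssl_context(opts, password=None):
    """Build one SSLContext to share across every connection to the cluster."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if opts["validate"]:
        ctx.load_verify_locations(opts["certfile"])  # verify server against CA
    else:
        ctx.check_hostname = False  # validate = false: server cert is unchecked
        ctx.verify_mode = ssl.CERT_NONE
    if opts.get("usercert"):  # key is decrypted here, once, not per connection
        ctx.load_cert_chain(opts["usercert"], opts.get("userkey"), password)
    return ctx
```

A context built as `build_ssl_context(read_ssl_options(text), PassphraseOnce())` is the kind of object the Python driver's `Cluster(ssl_context=...)` parameter accepts.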