RUST-2112 Test connecting with tlsCertificateKeyFilePassword (mongodb…

…#1283)

.evergreen/config.yml

@@ -1529,6 +1529,7 @@ functions:
         args:
           - .evergreen/run-tests.sh
         include_expansions_in_env:
+          - DRIVERS_TOOLS
           - PROJECT_DIRECTORY
           - OPENSSL
           - SINGLE_MONGOS_LB_URI

Cargo.toml

@@ -168,6 +168,7 @@ futures = "0.3"
 hex = "0.4"
 home = "0.5"
 lambda_runtime = "0.6.0"
+pkcs8 = { version = "0.10.2", features = ["3des", "des-insecure", "sha1-insecure"] }
 pretty_assertions = "1.3.0"
 serde = { version = ">= 0.0.0", features = ["rc"] }
 serde_json = "1.0.64"

src/client/options/test.rs

@@ -361,3 +361,39 @@ fn unix_domain_socket_not_allowed() {
         "{message}"
     );
 }
+
+#[cfg(feature = "cert-key-password")]
+#[tokio::test]
+async fn tls_cert_key_password_connect() {
+    use std::path::PathBuf;
+
+    use bson::doc;
+
+    use crate::{
+        options::TlsOptions,
+        test::{get_client_options, log_uncaptured},
+    };
+
+    use super::Tls;
+
+    let mut options = get_client_options().await.clone();
+    if !matches!(options.tls, Some(Tls::Enabled(_))) {
+        log_uncaptured("Skipping tls_cert_key_password_connect: tls not enabled");
+        return;
+    }
+    let mut certpath = PathBuf::from(std::env::var("DRIVERS_TOOLS").unwrap());
+    certpath.push(".evergreen/x509gen");
+    options.tls = Some(Tls::Enabled(
+        TlsOptions::builder()
+            .ca_file_path(certpath.join("ca.pem"))
+            .cert_key_file_path(certpath.join("client-pkcs8-encrypted.pem"))
+            .tls_certificate_key_file_password(b"password".to_vec())
+            .build(),
+    ));
+    let client = Client::with_options(options).unwrap();
+    client
+        .database("test")
+        .run_command(doc! {"ping": 1})
+        .await
+        .unwrap();
+}