diff --git a/.evergreen/config.yml b/.evergreen/config.yml index 65c2c1a8d..7cece1b12 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1529,6 +1529,7 @@ functions: args: - .evergreen/run-tests.sh include_expansions_in_env: + - DRIVERS_TOOLS - PROJECT_DIRECTORY - OPENSSL - SINGLE_MONGOS_LB_URI diff --git a/Cargo.toml b/Cargo.toml index e47fa7a98..ae4de5249 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -168,6 +168,7 @@ futures = "0.3" hex = "0.4" home = "0.5" lambda_runtime = "0.6.0" +pkcs8 = { version = "0.10.2", features = ["3des", "des-insecure", "sha1-insecure"] } pretty_assertions = "1.3.0" serde = { version = ">= 0.0.0", features = ["rc"] } serde_json = "1.0.64" diff --git a/src/client/options/test.rs b/src/client/options/test.rs index 502ac04ed..22626ab2f 100644 --- a/src/client/options/test.rs +++ b/src/client/options/test.rs @@ -361,3 +361,39 @@ fn unix_domain_socket_not_allowed() { "{message}" ); } + +#[cfg(feature = "cert-key-password")] +#[tokio::test] +async fn tls_cert_key_password_connect() { + use std::path::PathBuf; + + use bson::doc; + + use crate::{ + options::TlsOptions, + test::{get_client_options, log_uncaptured}, + }; + + use super::Tls; + + let mut options = get_client_options().await.clone(); + if !matches!(options.tls, Some(Tls::Enabled(_))) { + log_uncaptured("Skipping tls_cert_key_password_connect: tls not enabled"); + return; + } + let mut certpath = PathBuf::from(std::env::var("DRIVERS_TOOLS").unwrap()); + certpath.push(".evergreen/x509gen"); + options.tls = Some(Tls::Enabled( + TlsOptions::builder() + .ca_file_path(certpath.join("ca.pem")) + .cert_key_file_path(certpath.join("client-pkcs8-encrypted.pem")) + .tls_certificate_key_file_password(b"password".to_vec()) + .build(), + )); + let client = Client::with_options(options).unwrap(); + client + .database("test") + .run_command(doc! {"ping": 1}) + .await + .unwrap(); +}