password is getting requested

[KaiSchwarz-cnic]

somewhere between pem v1.9.7 and 1.12.0 had been a breaking change.
I expect this to be a result of switching to the password file logic.

I upgraded our internal library to pem's most current release and tests are failing.
I'll try to figure out the reason and where it happens.

I'll keep this issue updated. From my first impression it looks like that in the past some error might be returned in case a password was required, but not provided.

Method: readPkcs12

  pem.readPkcs12(pathname, {
      p12Password: passphrase || ''
  }, function(p_err, p_d) {
     if (p_err)
        resolve(p_err);//<--- this seems no longer to be working correctly in case no passphrase was provided
     else
       resolve(p_d);
  });

tracked this further down:

if (options.p12Password) {
    helper.helperCreatePasswordFile({'cipher': '', 'password': options.p12Password, 'passType': 'in'}, args, delTempPWFiles[delTempPWFiles.length])
  }

args stays unchanged in case given password is empty, in version 1.9.7 args included: '-passin', 'pass:' + options.p12Password.

The main reason seems to be the line
if (options.p12Password) {
which wouldn't be truthy in case of an empty string.

and in case that line is commented out, the helper method also doesn't change anything because this line would then lead to return false

if (!(options.password && options.passType)) {
    return false
  }

In case I fix both parts as necessary, it looks like an empty file is not allowed/recognized as password input. Thus it must be handled in the way of mustPass option.

Best
Kai

[KaiSchwarz-cnic]

I'm preparing a PR...