[MacOS] Incompatibility issues with latest p12 certificate

[NicklasWallgren]

The latest p12 certificate for the test environment does not work on MacOS due to an issue with rust-native-tls.

See sfackler/rust-native-tls#19

Could not create a client from the supplied config: Pkcs12Error { source: reqwest::Error { kind: Builder, source: Error { code: -25264, message: "MAC verification failed during PKCS12 import (wrong password?)" } } }

[dlq84]

I think trying native-tls-vendored may fix this, can't confirm since I'm not on Mac. Otherwise I could spend time making this work with rustls instead.

[NicklasWallgren]

native-tls-vendored

I didn't work with native-tls-vendored either unfortunately.

[dlq84]

Alright, thank you. I'll look into it at some point.

[christian-smith]

I think a workaround is to generate a legacy key:

https://stackoverflow.com/questions/70431528/mac-verification-failed-during-pkcs12-import-wrong-password-azure-devops

[dlq84]

Can you guys try the advice found in the openssl-sys crate:

Source: https://docs.rs/crate/openssl-sys/0.9.36

I've had 0 luck on trying to use pure rust to parse the new testcert.p12 too, I've tried the p12 and the cms crate so far but both of them says the format is invalid.

[NicklasWallgren]

I'm currently running openssl@3+ and it doesn't work unfortunately. Mac users are forced to use the legacy format until further notice 😞