Support for client side certificate/key password

[mapperr]

Hi,

I don't know if it is on the roadmap, but support for certificate/key password options would be awesome.

Right now httpie triggers std input to get a password, but it's not ideal in scripting.

[daniellimafv]

Hi. What kind of certificate files are we talking about here?

[pogopaule]

Having the same problem. If I provide a password protected PEM file under --cert-key I get ...'Client private key is encrypted, password is required')...

cURL asks for a password in that case.

[isidentical]

@pogopaule would you mind sending the full output with --debug?

[pogopaule]

@isidentical

HTTPie 1.0.3
Requests 2.22.0
Pygments 2.3.1
Python 3.8.10 (default, Nov 26 2021, 20:14:08) 
[GCC 9.3.0]
/usr/bin/python3
Linux 5.10.16.3-microsoft-standard-WSL2

<Environment {
    "colors": 256,
    "config": {
        "__meta__": {
            "about": "HTTPie configuration file",
            "help": "https://httpie.org/doc#config",
            "httpie": "1.0.3"
        },
        "default_options": "[]"
    },
    "config_dir": "/home/pogopaule/.httpie",
    "is_windows": false,
    "stderr": "<_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>",
    "stderr_isatty": false,
    "stdin": "<_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>",
    "stdin_encoding": "utf-8",
    "stdin_isatty": true,
    "stdout": "<_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>",
    "stdout_encoding": "utf-8",
    "stdout_isatty": true
}>

>>> requests.request(**{
    "allow_redirects": false,
    "auth": "None",
    "cert": "('/home/pogopaule/foobar.crt.pem', '/home/pogopaule/foobar.key.pem')",
    "data": {},
    "files": {},
    "headers": {
        "User-Agent": "HTTPie/1.0.3"
    },
    "method": "get",
    "params": {
        "foo": "123",
        "bar": "123"
    },
    "proxies": {},
    "stream": true,
    "timeout": 30,
    "url": "....",
    "verify": true
})


http: error: SSLError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError('Client private key is encrypted, password is required')) while doing GET request to URL: ...
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 354, in ssl_wrap_socket
    raise SSLError("Client private key is encrypted, password is required")
urllib3.exceptions.SSLError: Client private key is encrypted, password is required

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError('Client private key is encrypted, password is required'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/http", line 11, in <module>
    load_entry_point('httpie==1.0.3', 'console_scripts', 'http')()
  File "/usr/lib/python3/dist-packages/httpie/__main__.py", line 11, in main
    sys.exit(main())
  File "/usr/lib/python3/dist-packages/httpie/core.py", line 224, in main
    exit_status = program(
  File "/usr/lib/python3/dist-packages/httpie/core.py", line 99, in program
    final_response = get_response(args, config_dir=env.config.directory)
  File "/usr/lib/python3/dist-packages/httpie/client.py", line 72, in get_response
    response = requests_session.request(**kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError('Client private key is encrypted, password is required'))

[isidentical]

This seems like a very old version, would you mind upgrading to 3.0+?

[pogopaule]

Ah damn always forget that Debian packages lag behind quite a bit...But it is the same with 3.0.2

HTTPie 3.0.2
Requests 2.27.1
Pygments 2.11.2
Python 3.10.2 (main, Jan 19 2022, 12:23:52) [GCC 9.3.0]
/home/pogopaule/.pyenv/versions/3.10.2/bin/python
Linux 5.10.16.3-microsoft-standard-WSL2

<Environment {'as_silent': <function Environment.as_silent at 0x7f7d1c06e950>,
 'colors': 256,
 'config': {'__meta__': {'about': 'HTTPie configuration file',
                         'help': 'https://httpie.org/doc#config',
                         'httpie': '1.0.3'},
            'default_options': []},
 'config_dir': PosixPath('/home/pogopaule/.httpie'),
 'devnull': <property object at 0x7f7d1c2e71f0>,
 'is_windows': False,
 'log_error': <function Environment.log_error at 0x7f7d1c06e9e0>,
 'program_name': '__main__.py',
 'stderr': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>,
 'stderr_isatty': False,
 'stdin': <_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>,
 'stdin_encoding': 'utf-8',
 'stdin_isatty': True,
 'stdout': <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>,
 'stdout_encoding': 'utf-8',
 'stdout_isatty': True}>

<PluginManager {'adapters': [],
 'auth': [<class 'httpie.plugins.builtin.BasicAuthPlugin'>,
          <class 'httpie.plugins.builtin.DigestAuthPlugin'>,
          <class 'httpie.plugins.builtin.BearerAuthPlugin'>],
 'converters': [],
 'formatters': [<class 'httpie.output.formatters.headers.HeadersFormatter'>,
                <class 'httpie.output.formatters.json.JSONFormatter'>,
                <class 'httpie.output.formatters.xml.XMLFormatter'>,
                <class 'httpie.output.formatters.colors.ColorFormatter'>]}>

>>> requests.request(**{'auth': None,
 'data': RequestJSONDataDict(),
 'headers': <HTTPHeadersDict('User-Agent': b'HTTPie/3.0.2')>,
 'method': 'get',
 'params': <generator object MultiValueOrderedDict.items at 0x7f7d1bf4dc40>,
 'url': '...'})


__main__.py: error: SSLError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError('Client private key is encrypted, password is required')) while doing a GET request to URL:... 

Traceback (most recent call last):
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
    conn.connect()
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/connection.py", line 416, in connect
    self.sock = ssl_wrap_socket(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 414, in ssl_wrap_socket
    raise SSLError("Client private key is encrypted, password is required")
urllib3.exceptions.SSLError: Client private key is encrypted, password is required

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/requests/adapters.py", line 440, in send
    resp = conn.urlopen(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/connectionpool.py", line 785, in urlopen
    retries = retries.increment(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError('Client private key is encrypted, password is required'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/__main__.py", line 19, in <module>
    sys.exit(main())
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/__main__.py", line 9, in main
    exit_status = main()
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/core.py", line 154, in main
    return raw_main(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/core.py", line 128, in raw_main
    handle_generic_error(propagated_exc, annotation=annotation)
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/core.py", line 92, in raw_main
    exit_status = main_program(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/core.py", line 204, in program
    for message in messages:
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/httpie/client.py", line 107, in collect_messages
    response = requests_session.send(
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/requests/sessions.py", line 645, in send
    r = adapter.send(request, **kwargs)
  File "/home/pogopaule/.pyenv/versions/3.10.2/lib/python3.10/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError('Client private key is encrypted, password is required'))

[isidentical]

Thanks for the full report, we'll look into it @pogopaule