fix: suppress interactive OpenSSL stdin passphrase prompts during mTLS cert loading fallbacks

nbayati · nbayati · commit 41282b8a2a19 · 2026-06-10T06:07:58.000Z
diff --git a/packages/google-auth/google/auth/aio/transport/mtls.py b/packages/google-auth/google/auth/aio/transport/mtls.py
@@ -54,7 +54,9 @@ def make_client_cert_ssl_context(
         try:
             context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
             context.load_cert_chain(
-                certfile=cert_path, keyfile=key_path, password=passphrase_val
+                certfile=cert_path,
+                keyfile=key_path,
+                password=passphrase_val or "",
             )
             return context
         except (ssl.SSLError, OSError, IOError, ValueError, RuntimeError) as exc:
diff --git a/packages/google-auth/google/auth/compute_engine/_mtls.py b/packages/google-auth/google/auth/compute_engine/_mtls.py
@@ -120,7 +120,7 @@ def __init__(
         self.ssl_context = ssl.create_default_context()
         self.ssl_context.load_verify_locations(cafile=mds_mtls_config.ca_cert_path)
         self.ssl_context.load_cert_chain(
-            certfile=mds_mtls_config.client_combined_cert_path
+            certfile=mds_mtls_config.client_combined_cert_path, password=""
         )
         super(MdsMtlsAdapter, self).__init__(*args, **kwargs)
 

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ def __init__(`
`120`	`120`	`self.ssl_context = ssl.create_default_context()`
`121`	`121`	`self.ssl_context.load_verify_locations(cafile=mds_mtls_config.ca_cert_path)`
`122`	`122`	`self.ssl_context.load_cert_chain(`
`123`		`- certfile=mds_mtls_config.client_combined_cert_path`
	`123`	`+ certfile=mds_mtls_config.client_combined_cert_path, password=""`
`124`	`124`	`)`
`125`	`125`	`super(MdsMtlsAdapter, self).__init__(args, *kwargs)`
`126`	`126`