Don’t segfault when the CA certificate chains are missing

[andrewshadura]

trafficstars

This error is reproducible with 0.3.0:

=== RUN   TestConfigServerTLSClientCASet
--- FAIL: TestConfigServerTLSClientCASet (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x548ecb]

goroutine 8 [running]:
testing.tRunner.func1(0xc4200a63c0)
	/usr/lib/go-1.9/src/testing/testing.go:711 +0x2d2
panic(0x58f140, 0x69df40)
	/usr/lib/go-1.9/src/runtime/panic.go:491 +0x283
crypto/x509.(*CertPool).AddCert(0x0, 0xc4200ea000)
	/usr/lib/go-1.9/src/crypto/x509/cert_pool.go:95 +0x6b
crypto/x509.(*CertPool).AppendCertsFromPEM(0x0, 0xc4200e0900, 0x620, 0x820, 0x820)
	/usr/lib/go-1.9/src/crypto/x509/cert_pool.go:128 +0x13a
github.com/docker/go-connections/tlsconfig.certPool(0x5c74d6, 0x2e, 0x5c7100, 0x2c, 0xc4200dca40, 0x1)
	/<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/src/github.com/docker/go-connections/tlsconfig/config.go:105 +0x283
github.com/docker/go-connections/tlsconfig.Server(0x5c74d6, 0x2e, 0x5c728d, 0x2d, 0x5c712d, 0x2c, 0x0, 0x3, 0x0, 0x0, ...)
	/<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/src/github.com/docker/go-connections/tlsconfig/config.go:232 +0x564
github.com/docker/go-connections/tlsconfig.TestConfigServerTLSClientCASet(0xc4200a63c0)
	/<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/src/github.com/docker/go-connections/tlsconfig/config_test.go:175 +0x109
testing.tRunner(0xc4200a63c0, 0x5ca8d8)
	/usr/lib/go-1.9/src/testing/testing.go:746 +0xd0
created by testing.(*T).Run
	/usr/lib/go-1.9/src/testing/testing.go:789 +0x2de
exit status 2
FAIL	github.com/docker/go-connections/tlsconfig	0.027s

Here's the full log (originally at buildd.debian.org). See also Debian bug #871651

[andrewshadura]

Right, I’ve found the reason: ca-certificates package wasn't installed. I guess this situation could have been handled better somehow…