]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c96ac60)
crypto/x509: don't return nil, nil from SystemCertPool
authorIan Lance Taylor <iant@golang.org>
Fri, 30 Mar 2018 00:55:59 +0000 (17:55 -0700)
committerIan Lance Taylor <iant@golang.org>
Fri, 13 Apr 2018 00:52:47 +0000 (00:52 +0000)
If there are no certs, return an empty pool, not nil.

Fixes #21405

Change-Id: Ib4ac9d5c4a8cef83dd53565b0707a63b73ba0a8b
Reviewed-on: https://go-review.googlesource.com/103596
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/x509/root_plan9.go patch | blob | history
src/crypto/x509/root_unix.go patch | blob | history
src/crypto/x509/root_unix_test.go patch | blob | history
src/crypto/x509/x509_test.go patch | blob | history

diff --git a/src/crypto/x509/root_plan9.go b/src/crypto/x509/root_plan9.go
index ebeb7dfccd86c068c4b42bb6b7f84b58ca010637..09f0e2303395021402c1672fe4b46db069490ae9 100644 (file)
--- a/src/crypto/x509/root_plan9.go
+++ b/src/crypto/x509/root_plan9.go
@@ -33,5 +33,8 @@ func loadSystemRoots() (*CertPool, error) {
                        bestErr = err
                }
        }
+       if bestErr == nil {
+               return roots, nil
+       }
        return nil, bestErr
 }
diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
index 65b5a5fdbccb390d49733f03220e9fbddf19f508..115af6b2f764730f0eb9a2c4afc08b5c30fd74da 100644 (file)
--- a/src/crypto/x509/root_unix.go
+++ b/src/crypto/x509/root_unix.go
@@ -80,7 +80,7 @@ func loadSystemRoots() (*CertPool, error) {
                }
        }
 
-       if len(roots.certs) > 0 {
+       if len(roots.certs) > 0 || firstErr == nil {
                return roots, nil
        }
 
diff --git a/src/crypto/x509/root_unix_test.go b/src/crypto/x509/root_unix_test.go
index 03f935d4e82fda63351cf43bfa3dd1378f13d14d..9e220192b9f53ed265646e06076805ed3586f4e6 100644 (file)
--- a/src/crypto/x509/root_unix_test.go
+++ b/src/crypto/x509/root_unix_test.go
@@ -103,10 +103,6 @@ func TestEnvVars(t *testing.T) {
                        }
 
                        if r == nil {
-                               if tc.cns == nil {
-                                       // Expected nil
-                                       return
-                               }
                                t.Fatal("nil roots")
                        }
 
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 085b12c0013f5a4cfce0998992f84bdcb6c5df5c..388156e209726c37839fadb633a74a315183c815 100644 (file)
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -1656,9 +1656,6 @@ func TestSystemCertPool(t *testing.T) {
        if runtime.GOOS == "windows" {
                t.Skip("not implemented on Windows; Issue 16736, 18609")
        }
-       if runtime.GOOS == "nacl" {
-               t.Skip("not implemented on NaCl; Issue 24561")
-       }
        a, err := SystemCertPool()
        if err != nil {
                t.Fatal(err)
Go GOST TLS 1.3