Details
Medium
Description
If no trust roots are installed on the system and ServerCertificate is present then mender client fails with:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1090f4]
goroutine 1 [running]
panic(0x2d4530, 0x1071e008)
/sources/go/src/runtime/panic.go:500 +0x33c
crypto/x509.(*CertPool).AddCert(0x0, 0x10769b00)
/sources/go/src/crypto/x509/cert_pool.go:74 +0x74
crypto/x509.(*CertPool).AppendCertsFromPEM(0x0, 0x10b8aa5f, 0x254, 0x454, 0x600)
/sources/go/src/crypto/x509/cert_pool.go:113 +0x148
github.com/mendersoftware/mender/client.loadServerTrust(0x0, 0x0, 0x0, 0x0, 0x10711620, 0x16, 0x0, 0x32, 0x0, 0x0)
/root/go/src/github.com/mendersoftware/mender/client/client.go:204 +0x174
github.com/mendersoftware/mender/client.newHttpsClient(0x0, 0x0, 0x0, 0x0, 0x10711620, 0x16, 0x0, 0x6, 0x0, 0x0)
/root/go/src/github.com/mendersoftware/mender/client/client.go:147 +0xa4
github.com/mendersoftware/mender/client.New(0x0, 0x0, 0x0, 0x0, 0x10711620, 0x16, 0x0, 0x0, 0x0, 0x0)
/root/go/src/github.com/mendersoftware/mender/client/client.go:115 +0x3f8
main.NewMender(0x1079ae20, 0x4, 0x30c2f0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1079ae90, ...)
/root/go/src/github.com/mendersoftware/mender/mender.go:192 +0x1d4
main.doBootstrapAuthorize(0x10762780, 0x10712440, 0x0, 0x0)
/root/go/src/github.com/mendersoftware/mender/main.go:284 +0xe8
main.doMain(0x1070c158, 0x1, 0x1, 0x0, 0x0)
/root/go/src/github.com/mendersoftware/mender/main.go:415 +0x5f0
main.main()
/root/go/src/github.com/mendersoftware/mender/main.go:434 +0x7c
The issue appears that x509.SystemCertPool() may return invalid certs while issuing no error (perhaps it is the issue with x509 in go - will dig a bit deeper). Attempt to append certificates to invalid pool causes the error.
