Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-1151

Failure to process ServerCertificate in mender.conf if no trust roots are present on the system

    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 1.0.0, 1.0.1
    • Fix Version/s: 1.2.0, 1.1.1
    • Labels:
    • Environment:
      Cross Linux From Scratch 3.0.0

      Description

      If no trust roots are installed on the system and ServerCertificate is present then mender client fails with:

      panic: runtime error: invalid memory address or nil pointer dereference
      [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1090f4]

      goroutine 1 [running]
      panic(0x2d4530, 0x1071e008)
      /sources/go/src/runtime/panic.go:500 +0x33c
      crypto/x509.(*CertPool).AddCert(0x0, 0x10769b00)
      /sources/go/src/crypto/x509/cert_pool.go:74 +0x74
      crypto/x509.(*CertPool).AppendCertsFromPEM(0x0, 0x10b8aa5f, 0x254, 0x454, 0x600)
      /sources/go/src/crypto/x509/cert_pool.go:113 +0x148
      github.com/mendersoftware/mender/client.loadServerTrust(0x0, 0x0, 0x0, 0x0, 0x10711620, 0x16, 0x0, 0x32, 0x0, 0x0)
      /root/go/src/github.com/mendersoftware/mender/client/client.go:204 +0x174
      github.com/mendersoftware/mender/client.newHttpsClient(0x0, 0x0, 0x0, 0x0, 0x10711620, 0x16, 0x0, 0x6, 0x0, 0x0)
      /root/go/src/github.com/mendersoftware/mender/client/client.go:147 +0xa4
      github.com/mendersoftware/mender/client.New(0x0, 0x0, 0x0, 0x0, 0x10711620, 0x16, 0x0, 0x0, 0x0, 0x0)
      /root/go/src/github.com/mendersoftware/mender/client/client.go:115 +0x3f8
      main.NewMender(0x1079ae20, 0x4, 0x30c2f0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1079ae90, ...)
      /root/go/src/github.com/mendersoftware/mender/mender.go:192 +0x1d4
      main.doBootstrapAuthorize(0x10762780, 0x10712440, 0x0, 0x0)
      /root/go/src/github.com/mendersoftware/mender/main.go:284 +0xe8
      main.doMain(0x1070c158, 0x1, 0x1, 0x0, 0x0)
      /root/go/src/github.com/mendersoftware/mender/main.go:415 +0x5f0
      main.main()
      /root/go/src/github.com/mendersoftware/mender/main.go:434 +0x7c

      The issue appears that x509.SystemCertPool() may return invalid certs while issuing no error (perhaps it is the issue with x509 in go - will dig a bit deeper). Attempt to append certificates to invalid pool causes the error.

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                oleorhagen Ole Petter Orhagen
                Reporter:
                Bashkirtsev Vladimir
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support

                    Summary Panel