x509roots: catch the zero-roots case when generating the bundle

If the parser returns zero roots, don't attempt to completely remove the bundle. This may happen if, i.e., the HTTP response is 200 but has no content. An example of this may be http://go.dev/cl/535735. Change-Id: I81fc2b49c8ec813cca17fd1c807296bfb053d992 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536136 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org>
golang · Oct 23, 2023 · 4f30245 · 4f30245
1 parent 1d57292
commit 4f30245
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go
@@ -105,6 +105,10 @@ func main() {
 		log.Fatalf("failed to parse %q: %s", *certDataPath, err)
 	}
 
+	if len(certs) == 0 {
+		log.Fatal("certdata.txt appears to contain zero roots")
+	}
+
 	sort.Slice(certs, func(i, j int) bool {
 		// Sort based on the stringified subject (which may not be unique), and
 		// break any ties by just sorting on the raw DER (which will be unique,