x509roots: catch the zero-roots case when generating the bundle

If the parser returns zero roots, don't attempt to completely remove the bundle. This may happen if, i.e., the HTTP response is 200 but has no content. An example of this may be http://go.dev/cl/535735. Change-Id: I81fc2b49c8ec813cca17fd1c807296bfb053d992 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536136 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org>
author: Roland Shoemaker <roland@golang.org> 2023-10-18 14:26:33 -0400
committer: Gopher Robot <gobot@golang.org> 2023-10-23 20:02:03 +0000
commit: 4f3024555250c59d8b3c0da3f1cf1725c58f809c (patch)
tree: b80f3ca11b6b1921ff7d93e93e518c244bc65789
parent: 1d5729261878487fa61508b204b9ad99e436f11b (diff)
download: go-x-crypto-4f3024555250c59d8b3c0da3f1cf1725c58f809c.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go
index ec3014f..ffea49b 100644
--- a/x509roots/gen_fallback_bundle.go
+++ b/x509roots/gen_fallback_bundle.go
@@ -105,6 +105,10 @@ func main() {
 		log.Fatalf("failed to parse %q: %s", *certDataPath, err)
 	}
 
+	if len(certs) == 0 {
+		log.Fatal("certdata.txt appears to contain zero roots")
+	}
+
 	sort.Slice(certs, func(i, j int) bool {
 		// Sort based on the stringified subject (which may not be unique), and
 		// break any ties by just sorting on the raw DER (which will be unique,
author	Roland Shoemaker <roland@golang.org>	2023-10-18 14:26:33 -0400
committer	Gopher Robot <gobot@golang.org>	2023-10-23 20:02:03 +0000
commit	4f3024555250c59d8b3c0da3f1cf1725c58f809c (patch)
tree	b80f3ca11b6b1921ff7d93e93e518c244bc65789
parent	1d5729261878487fa61508b204b9ad99e436f11b (diff)
download	go-x-crypto-4f3024555250c59d8b3c0da3f1cf1725c58f809c.tar.xz