Skip to content

Commit

Permalink
allow empty cert pool
Browse files Browse the repository at this point in the history
  • Loading branch information
@nklaassen
nklaassen committed Jan 21, 2025
1 parent 0fc5882 commit 0aa15b3
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/client/interfaces.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -309,6 +309,10 @@ func (k *KeyRing) clientCertPool(clusters ...string) (*x509.CertPool, error) {
return nil, trace.Wrap(err)
}
pool := x509.NewCertPool()
if len(certPoolPEM) == 0 {
// It's valid to have no matching CAs and therefore an empty cert pool.
return pool, nil
}
if !pool.AppendCertsFromPEM(certPoolPEM) {
return nil, trace.BadParameter("failed to parse TLS CA certificate")
}
Expand Down

0 comments on commit 0aa15b3

Please sign in to comment.