certpool.go panics instead of returning an error on bad PEM #30

New issue

Open

opened 2026-05-17 23:13:33 +02:00 by heiko · 1 comment

heiko commented

2026-05-17 23:13:33 +02:00

Owner

Summary

internal/shared/certpool.go:25:

if !pool.AppendCertsFromPEM(pem) {
    panic("Can't append to ca cert pool")
}

A corrupt, truncated, or otherwise invalid CA PEM file causes a server (or client) crash at startup rather than a clean, logged error. The caller already handles the (pool, error) return signature.

Fix

Return an error instead of panicking:

if !pool.AppendCertsFromPEM(pem) {
    return nil, fmt.Errorf("no valid certificates found in %s", f)
}

## Summary `internal/shared/certpool.go:25`: ```go if !pool.AppendCertsFromPEM(pem) { panic("Can't append to ca cert pool") } ``` A corrupt, truncated, or otherwise invalid CA PEM file causes a server (or client) crash at startup rather than a clean, logged error. The caller already handles the `(pool, error)` return signature. ## Fix Return an error instead of panicking: ```go if !pool.AppendCertsFromPEM(pem) { return nil, fmt.Errorf("no valid certificates found in %s", f) } ```

heiko added the

security

label

2026-05-17 23:13:33 +02:00

heiko commented

2026-05-22 11:38:24 +02:00

Author

Owner

AI attribution comment added per repository instruction for this open issue.\n\n(co)authored by ai:gpt-5-codex