From 235fa490556c090aba961379e09bf208139add10 Mon Sep 17 00:00:00 2001
From: Yihua Zhang <yihuaz@google.com>
Date: Tue, 19 Mar 2019 18:38:08 -0700
Subject: [PATCH] fail-fast if no pem root certs are available.

---
 .../security_connector/ssl/ssl_security_connector.cc         | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
index 39c5434208b..fbf59d23b9d 100644
--- a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
+++ b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
@@ -319,6 +319,11 @@ grpc_ssl_channel_security_connector_create(
     gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name.");
     return nullptr;
   }
+  if (config->pem_root_certs == nullptr &&
+      grpc_core::DefaultSslRootStore::GetPemRootCerts() == nullptr) {
+    gpr_log(GPR_ERROR, "Could not get pem root certs.");
+    return nullptr;
+  }
   grpc_core::RefCountedPtr<grpc_ssl_channel_security_connector> c =
       grpc_core::MakeRefCounted<grpc_ssl_channel_security_connector>(
           std::move(channel_creds), std::move(request_metadata_creds), config,