diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index e280bf5391d..118637caeba 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -150,7 +150,6 @@ typedef enum {
   GRPC_SSL_ROOTS_OVERRIDE_FAIL
 } grpc_ssl_roots_override_result;
 
-
 /* Callback for getting the SSL roots override from the application.
    In case of success, *pem_roots_certs must be set to a NULL terminated string
    containing the list of PEM encoded root certificates. The ownership is passed
diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c
index d9322f02574..ee5435f01dd 100644
--- a/test/core/security/security_connector_test.c
+++ b/test/core/security/security_connector_test.c
@@ -323,7 +323,9 @@ static void test_default_ssl_roots(void) {
   fwrite(roots_for_env_var, 1, strlen(roots_for_env_var), roots_env_var_file);
   fclose(roots_env_var_file);
 
-  /* First let's get the root through the override (no env are set). */
+  /* First let's get the root through the override: set the env to an invalid
+     value. */
+  gpr_setenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR, "");
   grpc_set_ssl_roots_override_callback(override_roots_success);
   gpr_slice roots = grpc_get_default_ssl_roots_for_testing();
   char *roots_contents = gpr_dump_slice(roots, GPR_DUMP_ASCII);