From fb81aaed10ded21ac0857fff88e5957ea42f4453 Mon Sep 17 00:00:00 2001
From: Ying Li <ying.li@docker.com>
Date: Mon, 19 Oct 2015 13:40:38 -0700
Subject: [PATCH] Add test for if the client CA dir is empty

Signed-off-by: Ying Li <ying.li@docker.com>
---
 utils/tls_config_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/utils/tls_config_test.go b/utils/tls_config_test.go
index 7b7eebf409..70821e2664 100644
--- a/utils/tls_config_test.go
+++ b/utils/tls_config_test.go
@@ -64,6 +64,17 @@ func TestConfigServerTLSServerCertsOnly(t *testing.T) {
 	assert.Nil(t, tlsConfig.ClientCAs)
 }
 
+// If a valid client cert directory is provided, but it contains no client
+// certs, an error is returned.
+func TestConfigServerTLSWithEmptyCACertDir(t *testing.T) {
+	tempDir, err := ioutil.TempDir("/tmp", "cert-test")
+	assert.NoError(t, err, "couldn't open temp directory")
+
+	tlsConfig, err := ConfigureServerTLS(ServerCert, ServerKey, false, tempDir)
+	assert.Nil(t, tlsConfig)
+	assert.Error(t, err)
+}
+
 // If server cert and key are provided, and client cert directory is provided,
 // a valid tls.Config is returned with the clientCAs set to the certs in that
 // directory.