[FAB-7884] InitTLSForPeer fail on missing caCert config

Prior to the change set, the method InitTLSForPeer falls
back on an empty root CA cert pool if the config option isn't specified.

It doesn't make sense to do that, since we don't have any way of trusting
a remote node in such a case and thus establishing a TLS connection.

Change-Id: I7b0595995d879f3d44b1fd616e80f44aefb473d4
Signed-off-by: yacovm <yacovm@il.ibm.com>

Author: yacovm

core/comm/connection.go

@@ -231,7 +231,7 @@ func InitTLSForPeer() credentials.TransportCredentials {
 			grpclog.Fatalf("Failed to create TLS credentials %v", err)
 		}
 	} else {
-		creds = credentials.NewClientTLSFromCert(nil, sn)
+		logger.Panic("peer.tls.rootcert.file isn't configured")
 	}
 	return creds
 }

core/comm/connection_test.go

@@ -18,6 +18,7 @@ import (
 	"time"
 
 	testpb "github.com/hyperledger/fabric/core/comm/testdata/grpc"
+	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
@@ -352,3 +353,19 @@ func testInvoke(t *testing.T, channelID string, s *srv, shouldSucceed bool) {
 	assert.NoError(t, err)
 	s.assertServiced(t)
 }
+
+func TestInitTLSForPeerNoCACerts(t *testing.T) {
+	prevCACerts := viper.Get("peer.tls.rootcert.file")
+	defer func() {
+		viper.Set("peer.tls.rootcert.file", prevCACerts)
+	}()
+	viper.Set("peer.tls.rootcert.file", nil)
+	defer func() {
+		r := recover()
+		if r == nil {
+			assert.Fail(t, "should have panicked")
+		}
+		assert.Equal(t, "peer.tls.rootcert.file isn't configured", r)
+	}()
+	InitTLSForPeer()
+}