fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Server panics when a request to `/mdm/apple/mdm` is made without certs #19928

Closed roperzh closed 3 months ago

roperzh commented 3 months ago

Fleet version: 4.52.0


💥  Actual behavior

Server panics when a request to `/mdm/apple/mdm` is made without certs.

🧑‍💻  Steps to reproduce

  1. Enable macOS MDM
  2. `curl -i https://localhost:8080/mdm/apple/mdm`

🕯️ More info (optional)

Panic is:

```
024/06/21 11:28:59 http: panic serving [::1]:57877: runtime error: invalid memory address or nil pointer dereference
goroutine 3601 [running]:
net/http.(*conn).serve.func1()
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:1898 +0xb0
panic({0x10468d6a0?, 0x105a33160?})
    /Users/roperzh/.gvm/gos/go1.22.3/src/runtime/panic.go:770 +0x124
crypto/x509.(*Certificate).Verify(0x140012f9170?, {{0x0, 0x0}, 0x0, 0x140012f9170, {0x0, 0x0, 0x0}, {0x14000f748a0, 0x1, ...}, ...})
    /Users/roperzh/.gvm/gos/go1.22.3/src/crypto/x509/verify.go:751 +0x4c
github.com/fleetdm/fleet/v4/server/mdm/crypto.(*SCEPVerifier).Verify(0x14000c96ce0, 0x0)
    /Users/roperzh/fleet/server/mdm/crypto/scep.go:43 +0x1c8
github.com/fleetdm/fleet/v4/server/service.registerMDM.CertVerifyMiddleware.func4({0x104a3d240, 0x140035e8380}, 0x140024619e0)
    /Users/roperzh/fleet/server/mdm/nanomdm/http/mdm/mdm_cert.go:126 +0x80
net/http.HandlerFunc.ServeHTTP(0x104a41988?, {0x104a3d240?, 0x140035e8380?}, 0x2?)
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:2166 +0x38
github.com/fleetdm/fleet/v4/server/service.registerMDM.CertExtractMdmSignatureMiddleware.func5({0x104a3d240, 0x140035e8380}, 0x140024619e0)
    /Users/roperzh/fleet/server/mdm/nanomdm/http/mdm/mdm_cert.go:82 +0x3a0
net/http.HandlerFunc.ServeHTTP(0x14000d63ba0?, {0x104a3d240?, 0x140035e8380?}, 0x0?)
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:2166 +0x38
net/http.(*ServeMux).ServeHTTP(0x14000063ad8?, {0x104a3d240, 0x140035e8380}, 0x140024619e0)
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:2683 +0x1a4
main.createServeCmd.func1.(*Handler).Handler.34({0x104a3d240?, 0x140035e8380?}, 0x140012f8c60?)
    /Users/roperzh/fleet/server/launcher/server.go:54 +0xa4
net/http.HandlerFunc.ServeHTTP(0x0?, {0x104a3d240?, 0x140035e8380?}, 0x14000063b50?)
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:2166 +0x38
net/http.serverHandler.ServeHTTP({0x140012f8c60?}, {0x104a3d240?, 0x140035e8380?}, 0x6?)
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:3137 +0xbc
net/http.(*conn).serve(0x14003788750, {0x104a41950, 0x140008105d0})
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:2039 +0x508
created by net/http.(*Server).Serve in goroutine 2942
    /Users/roperzh/.gvm/gos/go1.22.3/src/net/http/server.go:3285 +0x3f0
^Clevel=error ts=2024-06-21T14:29:06.656522Z cron=integrations schedule=integrations instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656573Z cron=apple_mdm_dep_profile_assigner component=nanodep-syncer schedule=apple_mdm_dep_profile_assigner instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656662Z cron=calendar schedule=calendar instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656711Z cron=mdm_apple_profile_manager schedule=mdm_apple_profile_manager instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656725Z cron=cleanups_then_aggregation schedule=cleanups_then_aggregation instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656746Z cron=apple_mdm_iphone_ipad_refetcher component=iphone-ipad-refetcher schedule=apple_mdm_iphone_ipad_refetcher instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656748Z cron=vulnerabilities schedule=vulnerabilities instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
level=error ts=2024-06-21T14:29:06.656531Z cron=usage_statistics schedule=usage_statistics instanceID="AXFS9cfYNptu8h4aJxm7CWVWh2CxDw3+omncbbHzxpWqBKCrdql3if8Yb6NRgi9v9/0iSeLFct7dm/AT2Z/QQA==" msg="unlock failed" err="context canceled"
```

fleet-release commented 3 months ago

Server panics cease, Fleet's path now smooth as glass clouds, Secure, panic-free peace.
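
The trace in the issue shows the verifier being called with a nil certificate (`(*SCEPVerifier).Verify(..., 0x0)`), which `crypto/x509` then dereferences. The Go sketch below is an added example, not Fleet's code or its actual fix: the names `verifier`, `certKey` and `certVerifyMiddleware`, and the choice of a 400 response, are assumptions. It reproduces the nil-receiver panic and shows a guard that rejects the request instead.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type certKey struct{} // hypothetical context key set by an earlier extraction middleware
// verifier is a hypothetical stand-in for a SCEP certificate verifier.
type verifier struct{ roots *x509.CertPool }

// Verify rejects a nil certificate instead of handing it to crypto/x509.
func (v *verifier) Verify(cert *x509.Certificate) error {
	if cert == nil {
		return fmt.Errorf("missing MDM certificate")
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: v.roots})
	return err
}

// unguardedPanics shows the crash in the trace: Verify on a nil *x509.Certificate.
func unguardedPanics() (panicked bool) {
	defer func() { panicked = recover() != nil }()
	(*x509.Certificate)(nil).Verify(x509.VerifyOptions{}) // nil receiver is dereferenced
	return false
}

// certVerifyMiddleware answers 400 when no certificate was extracted or it fails to verify.
func certVerifyMiddleware(next http.Handler, v *verifier) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		cert, _ := r.Context().Value(certKey{}).(*x509.Certificate)
		if err := v.Verify(cert); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusWithoutCert replays the issue's certificate-less request in-process.
func statusWithoutCert() int {
	h := certVerifyMiddleware(http.NotFoundHandler(), &verifier{roots: x509.NewCertPool()})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/mdm/apple/mdm", nil))
	return rec.Code
}

func main() { fmt.Println(unguardedPanics(), statusWithoutCert()) }
```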