client: only try to create wrapper SSL stream if base_stream is valid.

Christian Hergert · Christian Hergert · commit 2b815609c325 · 2014-05-27T13:14:03.000-07:00
This fixes a bug where the method guards would protect against the
creation of the wrapper stream. It can be verified with:

./example-client 'mongodb://invalid-hostname/?ssl=true'
diff --git a/src/mongoc/mongoc-client.c b/src/mongoc/mongoc-client.c
@@ -306,32 +306,34 @@ mongoc_client_default_stream_initiator (const mongoc_uri_t       *uri,
    }
 
 #ifdef MONGOC_ENABLE_SSL
-   options = mongoc_uri_get_options (uri);
-   mechanism = mongoc_uri_get_auth_mechanism (uri);
-
-   if ((bson_iter_init_find_case (&iter, options, "ssl") &&
-        bson_iter_as_bool (&iter)) ||
-       (mechanism && (0 == strcmp (mechanism, "MONGODB-X509")))) {
-      base_stream = mongoc_stream_tls_new (base_stream, &client->ssl_opts,
-                                           true);
-
-      if (!base_stream) {
-         bson_set_error (error,
-                         MONGOC_ERROR_STREAM,
-                         MONGOC_ERROR_STREAM_SOCKET,
-                         "Failed initialize TLS state.");
-         return NULL;
-      }
+   if (base_stream) {
+      options = mongoc_uri_get_options (uri);
+      mechanism = mongoc_uri_get_auth_mechanism (uri);
+
+      if ((bson_iter_init_find_case (&iter, options, "ssl") &&
+           bson_iter_as_bool (&iter)) ||
+          (mechanism && (0 == strcmp (mechanism, "MONGODB-X509")))) {
+         base_stream = mongoc_stream_tls_new (base_stream, &client->ssl_opts,
+                                              true);
+
+         if (!base_stream) {
+            bson_set_error (error,
+                            MONGOC_ERROR_STREAM,
+                            MONGOC_ERROR_STREAM_SOCKET,
+                            "Failed initialize TLS state.");
+            return NULL;
+         }
 
-      if (!mongoc_stream_tls_do_handshake (base_stream, -1) ||
-          !mongoc_stream_tls_check_cert (base_stream, host->host)) {
-         bson_set_error (error,
-                         MONGOC_ERROR_STREAM,
-                         MONGOC_ERROR_STREAM_SOCKET,
-                         "Failed to handshake and validate TLS certificate.");
-         mongoc_stream_destroy (base_stream);
-         base_stream = NULL;
-         return NULL;
+         if (!mongoc_stream_tls_do_handshake (base_stream, -1) ||
+             !mongoc_stream_tls_check_cert (base_stream, host->host)) {
+            bson_set_error (error,
+                            MONGOC_ERROR_STREAM,
+                            MONGOC_ERROR_STREAM_SOCKET,
+                            "Failed to handshake and validate TLS certificate.");
+            mongoc_stream_destroy (base_stream);
+            base_stream = NULL;
+            return NULL;
+         }
       }
    }
 #endif
