Set SSL options if they're not empty strings or nil.

Divjot Arora · Divjot Arora · commit 2e6bf7db87e3 · 2019-01-07T14:04:04.000-05:00
GODRIVER-688 Change-Id: I4c3244b0fc5314a8322f059b78c7dffb6db1e230
diff --git a/mongo/client_options_test.go b/mongo/client_options_test.go
@@ -24,6 +24,7 @@ import (
 	"github.com/mongodb/mongo-go-driver/x/mongo/driver/topology"
 	"github.com/mongodb/mongo-go-driver/x/network/connstring"
 	"github.com/stretchr/testify/require"
+	"reflect"
 )
 
 func TestClientOptions_simple(t *testing.T) {
@@ -144,7 +145,7 @@ func TestClientOptions_chainAll(t *testing.T) {
 			SSLClientCertificateKeyFile:        "client.pem",
 			SSLClientCertificateKeyFileSet:     true,
 			SSLClientCertificateKeyPassword:    nil,
-			SSLClientCertificateKeyPasswordSet: true,
+			SSLClientCertificateKeyPasswordSet: false, // will not be set if it's nil
 			SSLInsecure:                        false,
 			SSLInsecureSet:                     true,
 			SSLCaFile:                          "ca.pem",
@@ -159,6 +160,44 @@ func TestClientOptions_chainAll(t *testing.T) {
 	require.Equal(t, expectedClient, opts)
 }
 
+func TestClientOptions_sslOptions(t *testing.T) {
+	t.Parallel()
+
+	t.Run("TestEmptyOptionsNotSet", func(t *testing.T) {
+		ssl := &options.SSLOpt{}
+		c, err := NewClientWithOptions("mongodb://localhost", options.Client().SetSSL(ssl))
+		require.NoError(t, err)
+
+		require.Equal(t, c.connString.SSLClientCertificateKeyFile, "")
+		require.Equal(t, c.connString.SSLClientCertificateKeyFileSet, false)
+		require.Nil(t, c.connString.SSLClientCertificateKeyPassword)
+		require.Equal(t, c.connString.SSLClientCertificateKeyPasswordSet, false)
+		require.Equal(t, c.connString.SSLCaFile, "")
+		require.Equal(t, c.connString.SSLCaFileSet, false)
+	})
+
+	t.Run("TestNonEmptyOptionsSet", func(t *testing.T) {
+		f := func() string {
+			return "KeyPassword"
+		}
+
+		ssl := &options.SSLOpt{
+			ClientCertificateKeyFile:     "KeyFile",
+			ClientCertificateKeyPassword: f,
+			CaFile:                       "CaFile",
+		}
+		c, err := NewClientWithOptions("mongodb://localhost", options.Client().SetSSL(ssl))
+		require.NoError(t, err)
+
+		require.Equal(t, c.connString.SSLClientCertificateKeyFile, "KeyFile")
+		require.Equal(t, c.connString.SSLClientCertificateKeyFileSet, true)
+		require.Equal(t, reflect.ValueOf(c.connString.SSLClientCertificateKeyPassword).Pointer(), reflect.ValueOf(f).Pointer())
+		require.Equal(t, c.connString.SSLClientCertificateKeyPasswordSet, true)
+		require.Equal(t, c.connString.SSLCaFile, "CaFile")
+		require.Equal(t, c.connString.SSLCaFileSet, true)
+	})
+}
+
 func TestClientOptions_CustomDialer(t *testing.T) {
 	td := &testDialer{d: &net.Dialer{}}
 	opts := options.Client().SetDialer(td)
diff --git a/mongo/options/clientoptions.go b/mongo/options/clientoptions.go
@@ -285,17 +285,23 @@ func (c *ClientOptions) SetSSL(ssl *SSLOpt) *ClientOptions {
 	c.ConnString.SSL = ssl.Enabled
 	c.ConnString.SSLSet = true
 
-	c.ConnString.SSLClientCertificateKeyFile = ssl.ClientCertificateKeyFile
-	c.ConnString.SSLClientCertificateKeyFileSet = true
+	if ssl.ClientCertificateKeyFile != "" {
+		c.ConnString.SSLClientCertificateKeyFile = ssl.ClientCertificateKeyFile
+		c.ConnString.SSLClientCertificateKeyFileSet = true
+	}
 
-	c.ConnString.SSLClientCertificateKeyPassword = ssl.ClientCertificateKeyPassword
-	c.ConnString.SSLClientCertificateKeyPasswordSet = true
+	if ssl.ClientCertificateKeyPassword != nil {
+		c.ConnString.SSLClientCertificateKeyPassword = ssl.ClientCertificateKeyPassword
+		c.ConnString.SSLClientCertificateKeyPasswordSet = true
+	}
 
 	c.ConnString.SSLInsecure = ssl.Insecure
 	c.ConnString.SSLInsecureSet = true
 
-	c.ConnString.SSLCaFile = ssl.CaFile
-	c.ConnString.SSLCaFileSet = true
+	if ssl.CaFile != "" {
+		c.ConnString.SSLCaFile = ssl.CaFile
+		c.ConnString.SSLCaFileSet = true
+	}
 
 	return c
 }
