CXX-1614 Fix crash setting client SSL options

Author: ajdavis

src/mongocxx/client.cpp

@@ -44,14 +44,11 @@ client::client(const class uri& uri, const options::client& options) {
         if (!uri.ssl())
             throw exception{error_code::k_invalid_parameter,
                             "cannot set SSL options if 'ssl=true' not in URI"};
-
-        auto mongoc_opts = options::make_ssl_opts(*options.ssl_opts());
-        _impl->ssl_options = std::move(mongoc_opts.second);
-        libmongoc::client_set_ssl_opts(_get_impl().client_t, &mongoc_opts.first);
     }
 #else
-    if (uri.ssl() || options.ssl_opts())
+    if (uri.ssl() || options.ssl_opts()) {
         throw exception{error_code::k_ssl_not_supported};
+    }
 #endif
     auto new_client = libmongoc::client_new_from_uri(uri._impl->uri_t);
     if (!new_client) {
@@ -60,6 +57,14 @@ client::client(const class uri& uri, const options::client& options) {
     }
 
     _impl = stdx::make_unique<impl>(std::move(new_client));
+
+#if defined(MONGOCXX_ENABLE_SSL) && defined(MONGOC_ENABLE_SSL)
+    if (options.ssl_opts()) {
+        auto mongoc_opts = options::make_ssl_opts(*options.ssl_opts());
+        _impl->ssl_options = std::move(mongoc_opts.second);
+        libmongoc::client_set_ssl_opts(_get_impl().client_t, &mongoc_opts.first);
+    }
+#endif
 }
 
 client::client(void* implementation)

src/mongocxx/test/client.cpp

@@ -299,4 +299,47 @@ TEST_CASE("integration tests for client metadata handshake feature") {
         run_test(*client);
     }
 }
+
+#if defined(MONGOCXX_ENABLE_SSL) && defined(MONGOC_ENABLE_SSL)
+TEST_CASE("A client can be constructed with SSL options", "[client]") {
+    MOCK_CLIENT
+
+    instance::current();
+
+    const std::string pem_file = "foo";
+    const std::string pem_password = "bar";
+    const std::string ca_file = "baz";
+    const std::string ca_dir = "garply";
+    const std::string crl_file = "crl_file";
+    const bool allow_invalid_certificates = true;
+
+    bool set_ssl_opts_called = false;
+    options::ssl ssl_opts;
+    ssl_opts.pem_file(pem_file);
+    ssl_opts.pem_password(pem_password);
+    ssl_opts.ca_file(ca_file);
+    ssl_opts.ca_dir(ca_dir);
+    ssl_opts.crl_file(crl_file);
+    ssl_opts.allow_invalid_certificates(allow_invalid_certificates);
+
+    ::mongoc_ssl_opt_t interposed = {};
+
+    client_set_ssl_opts->interpose([&](::mongoc_client_t*, const ::mongoc_ssl_opt_t* opts) {
+        set_ssl_opts_called = true;
+        interposed = *opts;
+    });
+
+    client c{uri{"mongodb://mongodb.example.com:9999/?ssl=true"},
+             options::client().ssl_opts(ssl_opts)};
+
+    REQUIRE(set_ssl_opts_called);
+    REQUIRE(interposed.pem_file == pem_file);
+    REQUIRE(interposed.pem_pwd == pem_password);
+    REQUIRE(interposed.ca_file == ca_file);
+    REQUIRE(interposed.ca_dir == ca_dir);
+    REQUIRE(interposed.crl_file == crl_file);
+    REQUIRE(interposed.weak_cert_validation == allow_invalid_certificates);
+}
+#endif
+
 }  // namespace

src/mongocxx/test/pool.cpp

@@ -59,7 +59,7 @@ TEST_CASE("a pool is created with the correct MongoDB URI", "[pool]") {
     REQUIRE(destroy_called);
 }
 
-#if defined(MONGOC_ENABLE_SSL)
+#if defined(MONGOCXX_ENABLE_SSL) && defined(MONGOC_ENABLE_SSL)
 TEST_CASE(
     "If we pass an engaged SSL options struct to the pool class, we will use it to configure the "
     "underlying mongoc pool",

src/third_party/catch/include/helpers.hpp

@@ -76,7 +76,7 @@ MONGOCXX_INLINE_NAMESPACE_END
 #define MOCK_POOL MOCK_POOL_NOSSL
 #endif
 
-#define MOCK_CLIENT                                                                             \
+#define MOCK_CLIENT_NOSSL                                                                       \
     auto client_new = libmongoc::client_new_from_uri.create_instance();                         \
     auto client_destroy = libmongoc::client_destroy.create_instance();                          \
     auto client_set_read_concern = libmongoc::client_set_read_concern.create_instance();        \
@@ -92,6 +92,15 @@ MONGOCXX_INLINE_NAMESPACE_END
     client_get_concern->interpose([](const mongoc_client_t*) { return nullptr; }).forever();    \
     auto client_start_session = libmongoc::client_start_session.create_instance();
 
+#if defined(MONGOCXX_ENABLE_SSL) && defined(MONGOC_ENABLE_SSL)
+#define MOCK_CLIENT                                                              \
+    MOCK_CLIENT_NOSSL                                                            \
+    auto client_set_ssl_opts = libmongoc::client_set_ssl_opts.create_instance(); \
+    client_set_ssl_opts->interpose([](::mongoc_client_t*, const ::mongoc_ssl_opt_t*) {});
+#else
+#define MOCK_CLIENT MOCK_CLIENT_NOSSL
+#endif
+
 #define MOCK_DATABASE                                                                            \
     auto get_database = libmongoc::client_get_database.create_instance();                        \
     get_database->interpose([&](mongoc_client_t*, const char*) { return nullptr; });             \