Close connection if requestTLS fails (vapor#134)

0xTim · web-flow · commit 2808c4ff334c · 2020-12-10T01:36:46.000Z
* Close connection if requestTLS fails

* Add test to ensure we don't hit assert from leaking connection
diff --git a/Sources/PostgresNIO/Connection/PostgresConnection+Connect.swift b/Sources/PostgresNIO/Connection/PostgresConnection+Connect.swift
@@ -26,7 +26,11 @@ extension PostgresConnection {
                     using: tlsConfiguration,
                     serverHostname: serverHostname,
                     logger: logger
-                ).map { conn }
+                ).flatMapError { error in
+                    conn.close().flatMapThrowing {
+                        throw error
+                    }
+                }.map { conn }
             } else {
                 return eventLoop.makeSucceededFuture(conn)
             }
diff --git a/Tests/PostgresNIOTests/PostgresNIOTests.swift b/Tests/PostgresNIOTests/PostgresNIOTests.swift
@@ -619,6 +619,29 @@ final class PostgresNIOTests: XCTestCase {
         let version = rows[0].column("version")?.string
         XCTAssertEqual(version?.contains("PostgreSQL"), true)
     }
+
+    func testFailingTLSConnectionClosesConnection() throws {
+        // There was a bug (https://github.com/vapor/postgres-nio/issues/133) where we would hit
+        // an assert because we didn't close the connection. This test should succeed without hitting
+        // the assert
+
+        // postgres://uymgphwj:7_tHbREdRwkqAdu4KoIS7hQnNxr8J1LA@elmer.db.elephantsql.com:5432/uymgphwj
+        let elg = MultiThreadedEventLoopGroup(numberOfThreads: 1)
+        defer { try! elg.syncShutdownGracefully() }
+
+        // We should get an error because you can't use an IP address for SNI, but we shouldn't bomb out by
+        // hitting the assert
+        XCTAssertThrowsError(
+            try PostgresConnection.connect(
+                to: SocketAddress.makeAddressResolvingHost("elmer.db.elephantsql.com", port: 5432),
+                tlsConfiguration: .forClient(certificateVerification: .fullVerification),
+                serverHostname: "34.228.73.168",
+                on: elg.next()
+            ).wait()
+        )
+        // If we hit this, we're all good
+        XCTAssertTrue(true)
+    }
     
     func testInvalidPassword() throws {
         let conn = try PostgresConnection.testUnauthenticated(on: eventLoop).wait()
