Gracefully handle the case where the issuer can't be found (#2946)

Author: jamis

lib/mongo/socket/ssl.rb

@@ -23,6 +23,7 @@ class Socket
     # @since 2.0.0
     class SSL < Socket
       include OpenSSL
+      include Loggable
 
       # Initializes a new TLS socket.
       #
@@ -455,13 +456,16 @@ def verify_certificate!(socket)
       end
 
       def verify_ocsp_endpoint!(socket, timeout = nil)
-        unless verify_ocsp_endpoint?
-          return
-        end
+        return unless verify_ocsp_endpoint?
 
         cert = socket.peer_cert
         ca_cert = find_issuer(cert, socket.peer_cert_chain)
 
+        unless ca_cert
+          log_warn("TLS certificate of '#{host_name}' could not be definitively verified via OCSP: issuer certificate not found in the chain.")
+          return
+        end
+
         verifier = OcspVerifier.new(@host_name, cert, ca_cert, context.cert_store,
           **Utils.shallow_symbolize_keys(options).merge(timeout: timeout))
         verifier.verify_with_cache