avoid allocation X509Chain if there is no certificate (#74616)

src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.Unix.cs

@@ -43,12 +43,14 @@ internal static partial class CertificateValidationPal
             {
                 QueryContextRemoteCertificate(securityContext, out remoteContext);
 
-                if (remoteContext != null && !remoteContext.IsInvalid)
+                if (remoteContext == null || remoteContext.IsInvalid)
                 {
-                    remoteContext.DangerousAddRef(ref gotReference);
-                    result = new X509Certificate2(remoteContext.DangerousGetHandle());
+                    return null;
                 }
 
+                remoteContext.DangerousAddRef(ref gotReference);
+                result = new X509Certificate2(remoteContext.DangerousGetHandle());
+
                 if (retrieveChainCertificates)
                 {
                     chain ??= new X509Chain();