Fix client not closing connections
authorJean Flach <jean-marcel.flach@netways.de>
Tue, 9 Feb 2016 14:55:12 +0000 (15:55 +0100)
committerJean Flach <jean-marcel.flach@netways.de>
Tue, 9 Feb 2016 14:59:19 +0000 (15:59 +0100)
fixes #11122

lib/remote/apilistener.cpp

index 3c53c04eafb81dad6ecf7ee2620abb9053e3c9ff..60498c7cc51ddbcfbaac53a8858c3259ecb81fcc 100644 (file)
@@ -321,16 +321,24 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
                        return;
                }
 
-               if (!hostname.IsEmpty() && identity != hostname) {
-                       Log(LogInformation, "ApiListener")
-                           << "Unexpected certificate common name while connecting to endpoint '" << hostname << "': got '" << identity << "'";
-                       return;
-               }
-
                verify_ok = tlsStream->IsVerifyOK();
+               if (!hostname.IsEmpty()) {
+                       if (identity != hostname) {
+                               Log(LogWarning, "ApiListener")
+                                       << "Unexpected certificate common name while connecting to endpoint '"
+                                   << hostname << "': got '" << identity << "'";
+                               return;
+                       } else if (!verify_ok) {
+                               Log(LogWarning, "ApiListener")
+                                       << "Peer certificate for endpoint '" << hostname
+                                       << "' is not signed by the certificate authority.";
+                               return;
+                       }
+               }
 
                Log(LogInformation, "ApiListener")
-                   << "New client connection for identity '" << identity << "'" << (verify_ok ? "" : " (unauthenticated)");
+                   << "New client connection for identity '" << identity << "'"
+                   << (verify_ok ? "" : " (client certificate not signed by CA)");
 
                if (verify_ok)
                        endpoint = Endpoint::GetByName(identity);
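Review bot: The warning added in the `else if (!verify_ok)` branch names a cause the code does not establish: `verify_ok` is only the boolean returned by `tlsStream->IsVerifyOK()`, so presumably any verification failure is reported as "not signed by the certificate authority". The same applies to the new `(client certificate not signed by CA)` suffix on the connection log line. A neutral wording such as `<< "Certificate validation failed for endpoint '" << hostname << "'.";` avoids sending operators after the wrong cause, and keeping the word `unauthenticated` in the suffix would preserve any log matching or alerting built on it. Both new early exits are a bare `return;`, and whether the TLS stream is closed on that path is not visible in this hunk, so it is worth confirming given the commit title. NewClientHandlerInternal begins before and continues after the hunk.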