ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure 6371/head
authorAlexander A. Klimov <alexander.klimov@icinga.com>
Thu, 14 Jun 2018 13:03:04 +0000 (15:03 +0200)
committerAlexander A. Klimov <alexander.klimov@icinga.com>
Thu, 14 Jun 2018 13:03:04 +0000 (15:03 +0200)
refs #6361

lib/remote/apilistener.cpp

index d7e01da67c26ec57f92df0ed0ef8af92b3eb3208..c1546710d0a84b80450a804846c06df391ec8bea 100644 (file)
@@ -457,6 +457,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
        } catch (const std::exception&) {
                Log(LogCritical, "ApiListener")
                        << "Client TLS handshake failed (" << conninfo << ")";
+               tlsStream->Close();
                return;
        }
 
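Review bot: The same `tlsStream->Close();` is now repeated by hand before four separate `return`s (here in the handshake `catch`, and in the hunks at -471, -480 and -529), so the fix only covers the exits someone remembered to patch. NewClientHandlerInternal starts and ends outside these hunks, and any other early return or exception path in it would still leave the connection of a not-yet-authenticated peer open. A single guard, created right after `tlsStream` exists and disarmed where the stream is handed on, would cover every exit, including ones added later. The sketch below assumes `Close()` does not throw and marks the hand-over point with a placeholder, because that point is not visible here.

```cpp
// … unchanged: tlsStream is created above this hunk …
bool keepStream = false;
struct CloseUnlessKept {
	decltype(tlsStream)& stream;
	const bool& keep;
	~CloseUnlessKept() { if (!keep) stream->Close(); } // assumes Close() does not throw
} closeGuard{tlsStream, keepStream};

// … unchanged: handshake, common-name checks, WaitForData; failure paths only log and return …

keepStream = true; // placeholder: set where the stream is handed over to its long-lived owner
```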
@@ -471,6 +472,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
                } catch (const std::exception&) {
                        Log(LogCritical, "ApiListener")
                                << "Cannot get certificate common name from cert path: '" << GetDefaultCertPath() << "'.";
+                       tlsStream->Close();
                        return;
                }
 
@@ -480,6 +482,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
                                Log(LogWarning, "ApiListener")
                                        << "Unexpected certificate common name while connecting to endpoint '"
                                        << hostname << "': got '" << identity << "'";
+                               tlsStream->Close();
                                return;
                        } else if (!verify_ok) {
                                Log(LogWarning, "ApiListener")
@@ -529,6 +532,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
                                Log(LogWarning, "ApiListener")
                                        << "No data received on new API connection for identity '" << identity << "'. "
                                        << "Ensure that the remote endpoints are properly configured in a cluster setup.";
+                       tlsStream->Close();
                        return;
                }