From: Jean Flach <jean-marcel.flach@netways.de>
Date: Tue, 9 Feb 2016 14:55:12 +0000 (+0100)
Subject: Fix client not closing connections
X-Git-Tag: v2.5.0~537
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=19134f41cfc2b55c3ff7cd921f615114f96495f9;p=icinga2

Fix client not closing connections

fixes #11122
---

diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 3c53c04ea..60498c7cc 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -321,16 +321,24 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 			return;
 		}
 
-		if (!hostname.IsEmpty() && identity != hostname) {
-			Log(LogInformation, "ApiListener")
-			    << "Unexpected certificate common name while connecting to endpoint '" << hostname << "': got '" << identity << "'";
-			return;
-		}
-
 		verify_ok = tlsStream->IsVerifyOK();
+		if (!hostname.IsEmpty()) {
+			if (identity != hostname) {
+				Log(LogWarning, "ApiListener")
+					<< "Unexpected certificate common name while connecting to endpoint '"
+				    << hostname << "': got '" << identity << "'";
+				return;
+			} else if (!verify_ok) {
+				Log(LogWarning, "ApiListener")
+					<< "Peer certificate for endpoint '" << hostname
+					<< "' is not signed by the certificate authority.";
+				return;
+			}
+		}
 
 		Log(LogInformation, "ApiListener")
-		    << "New client connection for identity '" << identity << "'" << (verify_ok ? "" : " (unauthenticated)");
+		    << "New client connection for identity '" << identity << "'"
+		    << (verify_ok ? "" : " (client certificate not signed by CA)");
 
 		if (verify_ok)
 			endpoint = Endpoint::GetByName(identity);