From: Alexander A. Klimov Date: Thu, 14 Jun 2018 13:03:04 +0000 (+0200) Subject: ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure X-Git-Tag: v2.9.0~31^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7741517df7630073f9162e6bfa2315501a5f7791;p=icinga2 ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure refs #6361
---
diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index d7e01da67..c1546710d 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -457,6 +457,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 } catch (const std::exception&) {
 Log(LogCritical, "ApiListener") << "Client TLS handshake failed (" << conninfo << ")";
+ tlsStream->Close();
 return;
 }
@@ -471,6 +472,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 } catch (const std::exception&) {
 Log(LogCritical, "ApiListener") << "Cannot get certificate common name from cert path: '" << GetDefaultCertPath() << "'.";
+ tlsStream->Close();
 return;
 }
@@ -480,6 +482,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 Log(LogWarning, "ApiListener") << "Unexpected certificate common name while connecting to endpoint '" << hostname << "': got '" << identity << "'";
+ tlsStream->Close();
 return;
 } else if (!verify_ok) {
 Log(LogWarning, "ApiListener")
@@ -529,6 +532,7 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 Log(LogWarning, "ApiListener") << "No data received on new API connection for identity '" << identity << "'. " << "Ensure that the remote endpoints are properly configured in a cluster setup.";
+ tlsStream->Close();
 return;
 }
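Review bot: The four `tlsStream->Close();` calls are placed by hand in front of each early `return` (here and in the hunks starting at new lines 472, 482 and 532), so a later early return, or an exception that leaves the function between them, would still skip the close. Several of these paths (failed handshake, unexpected common name) are reached before the peer is authenticated, so a missed close presumably keeps the connection's resources held until the stream object is released, which is the kind of leak a remote client can trigger repeatedly. A single scope guard declared where `tlsStream` is created, and disarmed only on the success path, would cover every exit instead of repeating the call. In this first hunk the call also runs inside the `catch` handler after a failed handshake; `Close()` is not visible here, so it is worth confirming that it neither throws nor waits on the peer in that state, and saying so in a comment such as `// handshake failed: close without waiting for the peer`. The function body starts and ends outside all four hunks.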