From 0ed108bfa278da25f5b80292cd5fa8e7d4515ec6 Mon Sep 17 00:00:00 2001
From: Michael Insel <michael@insel.email>
Date: Tue, 3 Dec 2019 21:17:22 +0100
Subject: [PATCH 1/2] Fix open connections when agent waits for CA approval

This closes the agent connection when the certificate sign requests
waits for CA approval.

refs #7680
---
 lib/remote/jsonrpcconnection-pki.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index c538bb1de..dd5154e36 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -243,6 +243,8 @@ delayed_request:
 	Log(LogInformation, "JsonRpcConnection")
 		<< "Certificate request for CN '" << cn << "' is pending. Waiting for approval.";
 
+    client->Disconnect();
+
 	return result;
 }
 

From 89c188996b78d1ec66a68637f60376f33cbd6793 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@icinga.com>
Date: Wed, 8 Apr 2020 13:29:55 +0200
Subject: [PATCH 2/2] RequestCertificateHandler(): don't disconnect nodes
 already integrated into the cluster

... not to cause a reconnect loop.
---
 lib/remote/jsonrpcconnection-pki.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index dd5154e36..aa7ebcef0 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -243,7 +243,13 @@ delayed_request:
 	Log(LogInformation, "JsonRpcConnection")
 		<< "Certificate request for CN '" << cn << "' is pending. Waiting for approval.";
 
-    client->Disconnect();
+	if (origin) {
+		auto client (origin->FromClient);
+
+		if (client && !client->GetEndpoint()) {
+			client->Disconnect();
+		}
+	}
 
 	return result;
 }