From 2d16b02520ef60f523b249c576cb352fef3f1dc1 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@icinga.com>
Date: Tue, 19 Feb 2019 18:06:14 +0100
Subject: [PATCH] ApiListener#NewClientHandlerInternal(): shut down TLS stream

---
 lib/remote/apilistener.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 235e6c573..56fda20e5 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -7,6 +7,7 @@
 #include "remote/jsonrpc.hpp"
 #include "remote/apifunction.hpp"
 #include "base/convert.hpp"
+#include "base/defer.hpp"
 #include "base/io-engine.hpp"
 #include "base/netstring.hpp"
 #include "base/json.hpp"
@@ -570,6 +571,14 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
 		return;
 	}
 
+	bool willBeShutDown = false;
+
+	Defer shutDownIfNeeded ([&sslConn, &willBeShutDown, &yc]() {
+		if (!willBeShutDown) {
+			sslConn.async_shutdown(yc);
+		}
+	});
+
 	std::shared_ptr<X509> cert (SSL_get_peer_certificate(sslConn.native_handle()), X509_free);
 	String identity;
 	Endpoint::Ptr endpoint;
@@ -684,6 +693,8 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
 
 		if (aclient) {
 			aclient->Start();
+
+			willBeShutDown = true;
 		}
 	} else {
 		Log(LogNotice, "ApiListener", "New HTTP client");
@@ -691,6 +702,8 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
 		HttpServerConnection::Ptr aclient = new HttpServerConnection(identity, verify_ok, client);
 		AddHttpClient(aclient);
 		aclient->Start();
+
+		willBeShutDown = true;
 	}
 }