From 353386f404b7a68d91cbed33b2f2e7efe2e20452 Mon Sep 17 00:00:00 2001
From: Johannes Schmidt <johannes.schmidt@icinga.com>
Date: Tue, 22 Apr 2025 09:18:05 +0200
Subject: [PATCH] Abort verified JSON-RPC connections with no valid endpoint

---
 lib/remote/apilistener.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 6bcf5bb5f5..2b44c51838 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -834,6 +834,12 @@ void ApiListener::NewClientHandlerInternal(
 	if (ctype == ClientJsonRpc) {
 		Log(LogNotice, "ApiListener", "New JSON-RPC client");
 
+		if (verify_ok && !endpoint) {
+			Log(LogWarning, "ApiListener")
+				<< "Unknown endpoint '" << identity << "' with valid certificate. Aborting JSON-RPC connection.";
+			return;
+		}
+
 		if (endpoint && endpoint->GetConnected()) {
 			Log(LogInformation, "ApiListener")
 				<< "Ignoring JSON-RPC connection " << conninfo