diff --git a/doc/TODO b/doc/TODO
index 0778264b5ad6c9ba22528750b62f518a919f08a3..8441a6abafdf612b78f348139a6f7b5ea44fa1cf 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -83,7 +83,7 @@ Short-term:
         X remove per-connection rate limiting
         - Make it harder to circumvent bandwidth caps: look at number of bytes
           sent across sockets, not number sent inside TLS stream.
-        - Audit users of connnection_remove and connection_free outside of
+        o Audit users of connnection_remove and connection_free outside of
           main.c; many should use mark_for_close instead.
 
 On-going
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index c61f3117b06bffda2f74b8987d1be919a69d3e1d..5fb4ac183d41b3d6808d8fff714d16095c9d845b 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -112,8 +112,6 @@ connection_t *connection_or_connect(routerinfo_t *router) {
   /* set up conn so it's got all the data we need to remember */
   connection_or_init_conn_from_router(conn, router);
 
-  /* XXXX Should all this stuff do mark-for-close instead? */
-
   if(connection_add(conn) < 0) { /* no space, forget it */
     connection_free(conn);
     return NULL;
@@ -121,8 +119,7 @@ connection_t *connection_or_connect(routerinfo_t *router) {
 
   switch(connection_connect(conn, router->address, router->addr, router->or_port)) {
     case -1:
-      connection_remove(conn);
-      connection_free(conn);
+      connection_mark_for_close(conn, 0);
       return NULL;
     case 0:
       connection_set_poll_socket(conn);
@@ -140,8 +137,7 @@ connection_t *connection_or_connect(routerinfo_t *router) {
     return conn;
 
   /* failure */
-  connection_remove(conn);
-  connection_free(conn);
+  connection_mark_for_close(conn, 0);
   return NULL;
 }
 
diff --git a/src/or/directory.c b/src/or/directory.c
index f3f4025cdf2f3c1cabbf5c5933a79306277cdf64..4506cf945ab049a2cff03498b84f9a20ec72e92f 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -48,8 +48,7 @@ void directory_initiate_command(routerinfo_t *router, int command) {
   switch(connection_connect(conn, router->address, router->addr, router->dir_port)) {
     case -1:
       router_mark_as_down(conn->nickname); /* don't try him again */
-      connection_remove(conn);
-      connection_free(conn);
+      connection_mark_for_close(conn, 0);
       return;
     case 0:
       connection_set_poll_socket(conn);
@@ -63,8 +62,7 @@ void directory_initiate_command(routerinfo_t *router, int command) {
 
   connection_set_poll_socket(conn);
   if(directory_send_command(conn, command) < 0) {
-    connection_remove(conn);
-    connection_free(conn);
+    connection_mark_for_close(conn, 0);
   }
 }