author | elijah <elijah@riseup.net> | 2014-06-04 14:56:03 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-06-04 14:56:03 -0700 |
commit | c44046995d130727bf219bac95010594f35293e1 (patch) | |
tree | e0617fd1f7977af7ea00d51e20162cc06d8c2c6a | |
parent | 2c03995839437729bf48332124a7a30c112dba18 (diff) | |
download | leap_cli-c44046995d130727bf219bac95010594f35293e1.tar.gz leap_cli-c44046995d130727bf219bac95010594f35293e1.tar.bz2 |
ensure that x509 certificates use dns names that are strictly sorted and unique, to prevent unnecessary regeneration of certificates.
-rw-r--r-- | lib/leap_cli/commands/ca.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index b3d0a9d..46e3494 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -208,11 +208,12 @@ module LeapCli; module Commands
 ips << $1 if value =~ /^IP Address:(.*)$/
 dns_names << $1 if value =~ /^DNS:(.*)$/
 end
+ dns_names.sort!
 if ips.first != node.ip_address
 log :updating, "cert for node '#{node.name}' because ip_address has changed (from #{ips.first} to #{node.ip_address})"
 return true
 elsif dns_names != dns_names_for_node(node)
- log :updating, "cert for node '#{node.name}' because domain name aliases have changed (from #{dns_names.inspect} to #{dns_names_for_node(node).inspect})"
+ log :updating, "cert for node '#{node.name}' because domain name aliases have changed\n from: #{dns_names.inspect}\n to: #{dns_names_for_node(node).inspect})"
 return true
 end
 end
@@ -381,8 +382,10 @@ module LeapCli; module Commands
 names = [node.domain.internal, node.domain.full]
 if node['dns'] && node.dns['aliases'] && node.dns.aliases.any?
 names += node.dns.aliases
- names.compact!
 end
+ names.compact!
+ names.sort!
+ names.uniq!
 return names
 end
 |
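Review bot: The added `dns_names.sort!` orders the names read from the existing certificate but does not de-duplicate them, while the other side of the `!=` comes from `dns_names_for_node`, which this commit makes both sorted and unique. A certificate that carries a repeated DNS entry would therefore compare as changed even when the set of names is the same; `dns_names = dns_names.uniq.sort` would put both sides through the same normalisation. The rewritten log string also keeps the closing `)` of the old `(from … to …)` wording after the last `.inspect}`, with no opening parenthesis left to match it. The method containing this check starts and ends outside the hunk.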
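Review bot: `dns_names_for_node` now carries an ordering contract that nothing in the method states: the certificate check in the first hunk compares its return value with `!=` against the sorted DNS names read from the existing certificate, so the list must stay sorted and unique. A comment above the three added lines would record that, for example `# keep sorted and unique: the cert-update check compares this list with != against the names in the existing cert`. `sort!` and `uniq!` compare strings exactly, so two aliases that differ only in letter case would both be kept; whether aliases are already lower-cased when the node configuration is loaded is not visible here, and if they are not, applying `downcase` before `uniq!` would cover it. The method's `def` line is outside the hunk.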