From c44046995d130727bf219bac95010594f35293e1 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 4 Jun 2014 14:56:03 -0700
Subject: ensure that x509 certificates use dns names that are strictly sorted
 and unique, to prevent unncessary regeneration of certificates.

---
 lib/leap_cli/commands/ca.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index b3d0a9d..46e3494 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -208,11 +208,12 @@ module LeapCli; module Commands
             ips << $1          if value =~ /^IP Address:(.*)$/
             dns_names << $1    if value =~ /^DNS:(.*)$/
           end
+          dns_names.sort!
           if ips.first != node.ip_address
             log :updating, "cert for node '#{node.name}' because ip_address has changed (from #{ips.first} to #{node.ip_address})"
             return true
           elsif dns_names != dns_names_for_node(node)
-            log :updating, "cert for node '#{node.name}' because domain name aliases have changed (from #{dns_names.inspect} to #{dns_names_for_node(node).inspect})"
+            log :updating, "cert for node '#{node.name}' because domain name aliases have changed\n    from: #{dns_names.inspect}\n    to: #{dns_names_for_node(node).inspect})"
             return true
           end
         end
@@ -381,8 +382,10 @@ module LeapCli; module Commands
     names = [node.domain.internal, node.domain.full]
     if node['dns'] && node.dns['aliases'] && node.dns.aliases.any?
       names += node.dns.aliases
-      names.compact!
     end
+    names.compact!
+    names.sort!
+    names.uniq!
     return names
   end
 
-- 
cgit v1.2.3