authorelijah <elijah@riseup.net>2014-06-04 14:56:03 -0700
committerelijah <elijah@riseup.net>2014-06-04 14:56:03 -0700
commitc44046995d130727bf219bac95010594f35293e1 (patch)
treee0617fd1f7977af7ea00d51e20162cc06d8c2c6a
parent2c03995839437729bf48332124a7a30c112dba18 (diff)
ensure that x509 certificates use dns names that are strictly sorted and unique, to prevent unnecessary regeneration of certificates.
-rw-r--r--lib/leap_cli/commands/ca.rb7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index b3d0a9d..46e3494 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -208,11 +208,12 @@ module LeapCli; module Commands
ips << $1 if value =~ /^IP Address:(.*)$/
dns_names << $1 if value =~ /^DNS:(.*)$/
end
+ dns_names.sort!
if ips.first != node.ip_address
log :updating, "cert for node '#{node.name}' because ip_address has changed (from #{ips.first} to #{node.ip_address})"
return true
elsif dns_names != dns_names_for_node(node)
- log :updating, "cert for node '#{node.name}' because domain name aliases have changed (from #{dns_names.inspect} to #{dns_names_for_node(node).inspect})"
+ log :updating, "cert for node '#{node.name}' because domain name aliases have changed\n from: #{dns_names.inspect}\n to: #{dns_names_for_node(node).inspect})"
return true
end
end
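Review bot: The rewritten log string in the `elsif dns_names != dns_names_for_node(node)` branch still ends with `)` although the opening `(from` was removed, so the message prints an unmatched parenthesis; the tail should read `\n to: #{dns_names_for_node(node).inspect}"`. The list read from the certificate is only sorted here, while `dns_names_for_node` now also de-duplicates, so a certificate issued earlier with a repeated DNS entry would presumably be reported as changed once and reissued. If that one-time reissue is intended, a comment such as `# cert SANs are sorted only; a duplicate entry in an old cert forces one regeneration` would record it. The enclosing method begins outside this hunk.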
@@ -381,8 +382,10 @@ module LeapCli; module Commands
names = [node.domain.internal, node.domain.full]
if node['dns'] && node.dns['aliases'] && node.dns.aliases.any?
names += node.dns.aliases
- names.compact!
end
+ names.compact!
+ names.sort!
+ names.uniq!
return names
end
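Review bot: `names.sort!` reorders the whole list, so `node.domain.internal` and `node.domain.full` are no longer guaranteed to be the first two entries; no caller is visible in this hunk, so it is worth confirming that nothing reads the result by position. A comment above the three calls would record why the order matters, for example `# sorted and unique so the list compares equal to the DNS names read back from the existing cert`. `uniq!` is case-sensitive while DNS names are not, so aliases that differ only in case would both end up in the certificate; normalizing with `downcase` before `uniq!` is an option if node configs can contain such aliases. The method's `def` line is outside the hunk.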