[pve-devel] [PATCH cluster] Use a real FQDN when defining the CommonName entry of SSL certs

Emmanuel Kasper e.kasper at proxmox.com
Wed Mar 22 12:41:27 CET 2017


The proper way to set the FQDN is via /etc/hosts
or via DNS (see hostname(1)).
---
 data/PVE/Cluster.pm | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index ab57da9..e694d93 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -244,17 +244,19 @@ sub gen_pve_ssl_cert {
 
     my $names = "IP:127.0.0.1,IP:::1,DNS:localhost";
 
-    my $rc = PVE::INotify::read_file('resolvconf');
-
     $names .= ",IP:$ip";
 
-    my $fqdn = $nodename;
+    my $fqdn = PVE::Tools::get_fqdn($nodename);
+    $names .= ",DNS:$nodename,DNS:$fqdn";
 
-    $names .= ",DNS:$nodename";
+    my $rc = PVE::INotify::read_file('resolvconf');
 
     if ($rc && $rc->{search}) {
-	$fqdn = $nodename . "." . $rc->{search};
-	$names .= ",DNS:$fqdn";
+	my $domains = $rc->{search};
+	chomp $domains;
+	foreach my $domain (PVE::Tools::split_list($domains)) {
+	    $names .= ",DNS:${nodename}.${domain}";
+	}
     }
 
     my $sslconf = <<__EOD;
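Review bot: In the new `foreach` loop every entry of `$rc->{search}` is appended to `$names` as `DNS:${nodename}.${domain}` with no check on what the entry contains, and `$names` presumably ends up in the subjectAltName of the openssl config built from the heredoc that starts on the last line of the hunk. A malformed or unexpected search entry in resolv.conf would then be written into the node certificate's SAN list as is, so it seems worth skipping anything that is not a plain DNS name, e.g. `next if $domain !~ m/^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$/;`. The loop can also repeat the `DNS:$fqdn` entry that is already added unconditionally right after the `get_fqdn` call, whenever the node's own domain is also a search domain; `next if "${nodename}.${domain}" eq $fqdn;` would avoid the duplicate. What `PVE::Tools::get_fqdn` returns or does on a failed lookup is not visible here, so if it can die or return the short name, that case deserves a comment at the call. gen_pve_ssl_cert starts and ends outside the hunk, so how `$names` is consumed is inferred rather than shown.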
-- 
2.1.4




