From 5c93976bdbcc8eff727f28f49af07ad62488e91f Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 24 Aug 2017 16:57:06 -0400
Subject: [PATCH] Fix errant certificate handling

Non-replacement detection was being treated as replacement.  Correct
that mistake.
---
 confluent_server/confluent/discovery/core.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/confluent/discovery/core.py b/confluent_server/confluent/discovery/core.py
index 3af7ced3..130f99f8 100644
--- a/confluent_server/confluent/discovery/core.py
+++ b/confluent_server/confluent/discovery/core.py
@@ -719,7 +719,7 @@ def discover_node(cfg, handler, info, nodename, manual):
     if 'pxe' in policies and info['handler'] == pxeh:
         return do_pxe_discovery(cfg, handler, info, manual, nodename, policies)
     elif ('permissive' in policies and handler.https_supported and lastfp and
-            not manual):
+            not util.cert_matches(lastfp, handler.https_cert) and not manual):
         info['discofailure'] = 'fingerprint'
         log.log({'info': 'Detected replacement of {0} with existing '
                          'fingerprint and permissive discovery policy, not '