some comments inline:
> diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
> index 1c7d033..5ddbd07 100755
> --- a/PVE/HTTPServer.pm
> +++ b/PVE/HTTPServer.pm
> @@ -105,6 +105,53 @@ sub get_login_formatter {
> return $info->{func};
> }
>
> +my $cert_cache_nodes = {};
> +my
comments inline:
> +sub check_cert_fp {
> +my ($fp) = @_;
> +
> +my $check = sub {
> + for my $expected (keys %$cert_cache_fingerprints) {
> + return 1 if $fp eq $expected;
> + }
> + return 0;
> +};
> +
> +return 1 if &$check();
> +
> +# refresh cache and
when forwarding an API request to the responsible node,
only accept the certificate that this node should have
according to the contents of the cluster file system.
to limit performance issues, cache certificate fingerprint
on first request for each node, and only regenerate cache
(once) if the
