---
fixes:
  - |
    Before this patch, invalid certificates would be detected close to the end
    of the deployment.  In small environments, this comes fast but in an environment
    with a large number of nodes, failures would come really late after a few
    hours of deployment.   With this validation, it now fails before step1 at
    host_prep_steps if the certificate is smaller than 512 bytes if UsePublicTLS
    is set to true and PublicSSLCertificateAutogenerated is set to false.  It will
    also use openssl to verify the state of the certificate and fail if the certificate
    is invalid or expired.