Browse code
Add better client error for client certificate failure (missing or denied)
This adds a more meaningful error on the client side so the "bad
certificate" error coming from the TLS dial code has some context for
the user.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Phil Estes authored on 2015/06/06 05:48:59Showing 1 changed files
| ... | ... |
@@ -102,6 +102,10 @@ func (cli *DockerCli) clientRequest(method, path string, in io.Reader, headers m |
| 102 | 102 |
if cli.tlsConfig == nil {
|
| 103 | 103 |
return serverResp, fmt.Errorf("%v.\n* Are you trying to connect to a TLS-enabled daemon without TLS?\n* Is your docker daemon up and running?", err)
|
| 104 | 104 |
} |
| 105 |
+ if cli.tlsConfig != nil && strings.Contains(err.Error(), "remote error: bad certificate") {
|
|
| 106 |
+ return serverResp, fmt.Errorf("The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings: %v", err)
|
|
| 107 |
+ } |
|
| 108 |
+ |
|
| 105 | 109 |
return serverResp, fmt.Errorf("An error occurred trying to connect: %v", err)
|
| 106 | 110 |
} |
| 107 | 111 |
|