Currently, login and search do not load per-registry certificates.
This is a regression introduced by the last refactor; the behavior had only recently been fixed.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
| ... | ... |
@@ -13,7 +13,6 @@ import ( |
| 13 | 13 |
"github.com/Sirupsen/logrus" |
| 14 | 14 |
"github.com/docker/distribution/registry/api/v2" |
| 15 | 15 |
"github.com/docker/distribution/registry/client/transport" |
| 16 |
- "github.com/docker/docker/pkg/tlsconfig" |
|
| 17 | 16 |
) |
| 18 | 17 |
|
| 19 | 18 |
// for mocking in unit tests |
| ... | ... |
@@ -45,10 +44,11 @@ func scanForAPIVersion(address string) (string, APIVersion) {
|
| 45 | 45 |
|
| 46 | 46 |
// NewEndpoint parses the given address to return a registry endpoint. |
| 47 | 47 |
func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) {
|
| 48 |
- // *TODO: Allow per-registry configuration of endpoints. |
|
| 49 |
- tlsConfig := tlsconfig.ServerDefault |
|
| 50 |
- tlsConfig.InsecureSkipVerify = !index.Secure |
|
| 51 |
- endpoint, err := newEndpoint(index.GetAuthConfigKey(), &tlsConfig, metaHeaders) |
|
| 48 |
+ tlsConfig, err := newTLSConfig(index.Name, index.Secure) |
|
| 49 |
+ if err != nil {
|
|
| 50 |
+ return nil, err |
|
| 51 |
+ } |
|
| 52 |
+ endpoint, err := newEndpoint(index.GetAuthConfigKey(), tlsConfig, metaHeaders) |
|
| 52 | 53 |
if err != nil {
|
| 53 | 54 |
return nil, err |
| 54 | 55 |
} |
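Review bot: In NewEndpoint the certificate directory is selected by `index.Name`, while the endpoint itself is still built from `index.GetAuthConfigKey()`, and nothing visible here states that both refer to the same registry host. If they can differ, certificates stored under the host that is actually contacted would be silently skipped; a comment such as `// per-registry certs are looked up under CertsDir/<index.Name>, the same key Service.TLSConfig uses` would record the intent. The new `return nil, err` also passes the certificate-loading error up without context, so a caller cannot tell it from an endpoint failure; wrapping it with the registry name (for example `fmt.Errorf("loading TLS config for %s: %v", index.Name, err)`, if fmt is available in this file) would help. NewEndpoint's body continues past the end of the hunk.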
| ... | ... |
@@ -49,6 +49,23 @@ func init() {
|
| 49 | 49 |
dockerUserAgent = useragent.AppendVersions("", httpVersion...)
|
| 50 | 50 |
} |
| 51 | 51 |
|
| 52 |
+func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
|
| 53 |
+ // PreferredServerCipherSuites should have no effect |
|
| 54 |
+ tlsConfig := tlsconfig.ServerDefault |
|
| 55 |
+ |
|
| 56 |
+ tlsConfig.InsecureSkipVerify = !isSecure |
|
| 57 |
+ |
|
| 58 |
+ if isSecure {
|
|
| 59 |
+ hostDir := filepath.Join(CertsDir, hostname) |
|
| 60 |
+ logrus.Debugf("hostDir: %s", hostDir)
|
|
| 61 |
+ if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
|
|
| 62 |
+ return nil, err |
|
| 63 |
+ } |
|
| 64 |
+ } |
|
| 65 |
+ |
|
| 66 |
+ return &tlsConfig, nil |
|
| 67 |
+} |
|
| 68 |
+ |
|
| 52 | 69 |
func hasFile(files []os.FileInfo, name string) bool {
|
| 53 | 70 |
for _, f := range files {
|
| 54 | 71 |
if f.Name() == name {
|
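Review bot: `hostname` goes straight into `filepath.Join(CertsDir, hostname)` in newTLSConfig, and after this commit it is fed from `index.Name` as well as from Service.TLSConfig; filepath.Join cleans `..` segments, so a name containing path separators or `..` would resolve outside CertsDir unless it is validated earlier, which the hunk does not show. A guard before the join, e.g. `if strings.ContainsAny(hostname, "/\\") || hostname == "." || hostname == ".." { return nil, fmt.Errorf("invalid registry hostname %q", hostname) }` (assuming strings and fmt are imported in this file), keeps the lookup inside the certificate directory. The function also has no doc comment; `// newTLSConfig returns a client TLS config for hostname. When isSecure is false, certificate verification is disabled and no per-registry certificates are loaded.` would make the insecure branch explicit for the three callers that now share it.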
| ... | ... |
@@ -5,10 +5,8 @@ import ( |
| 5 | 5 |
"fmt" |
| 6 | 6 |
"net/http" |
| 7 | 7 |
"net/url" |
| 8 |
- "path/filepath" |
|
| 9 | 8 |
"strings" |
| 10 | 9 |
|
| 11 |
- "github.com/Sirupsen/logrus" |
|
| 12 | 10 |
"github.com/docker/distribution/registry/client/auth" |
| 13 | 11 |
"github.com/docker/docker/cliconfig" |
| 14 | 12 |
"github.com/docker/docker/pkg/tlsconfig" |
| ... | ... |
@@ -99,22 +97,7 @@ func (e APIEndpoint) ToV1Endpoint(metaHeaders http.Header) (*Endpoint, error) {
|
| 99 | 99 |
|
| 100 | 100 |
// TLSConfig constructs a client TLS configuration based on server defaults |
| 101 | 101 |
func (s *Service) TLSConfig(hostname string) (*tls.Config, error) {
|
| 102 |
- // PreferredServerCipherSuites should have no effect |
|
| 103 |
- tlsConfig := tlsconfig.ServerDefault |
|
| 104 |
- |
|
| 105 |
- isSecure := s.Config.isSecureIndex(hostname) |
|
| 106 |
- |
|
| 107 |
- tlsConfig.InsecureSkipVerify = !isSecure |
|
| 108 |
- |
|
| 109 |
- if isSecure {
|
|
| 110 |
- hostDir := filepath.Join(CertsDir, hostname) |
|
| 111 |
- logrus.Debugf("hostDir: %s", hostDir)
|
|
| 112 |
- if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
|
|
| 113 |
- return nil, err |
|
| 114 |
- } |
|
| 115 |
- } |
|
| 116 |
- |
|
| 117 |
- return &tlsConfig, nil |
|
| 102 |
+ return newTLSConfig(hostname, s.Config.isSecureIndex(hostname)) |
|
| 118 | 103 |
} |
| 119 | 104 |
|
| 120 | 105 |
func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
|