Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
@@ -64,7 +64,7 @@ clone git github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3 |
| 64 | 64 |
clone git golang.org/x/net 2beffdc2e92c8a3027590f898fe88f69af48a3f8 https://github.com/tonistiigi/net.git |
| 65 | 65 |
clone git golang.org/x/sys eb2c74142fd19a79b3f237334c7384d5167b1b46 https://github.com/golang/sys.git |
| 66 | 66 |
clone git github.com/docker/go-units 8a7beacffa3009a9ac66bad506b18ffdd110cf97 |
| 67 |
-clone git github.com/docker/go-connections 1494b6df4050e60923d68cd8cc6a19e7af9f1c01 |
|
| 67 |
+clone git github.com/docker/go-connections f512407a188ecb16f31a33dbc9c4e4814afc1b03 |
|
| 68 | 68 |
|
| 69 | 69 |
clone git github.com/RackSec/srslog 365bf33cd9acc21ae1c355209865f17228ca534e |
| 70 | 70 |
clone git github.com/imdario/mergo 0.2.1 |
| 71 | 71 |
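--- /dev/null
+++ b/[new file: path not shown on page, go1.7 build variant]
@@ -0,0 +1,21 @@
+// +build go1.7
+
+package tlsconfig
+
+import (
+	"crypto/x509"
+	"runtime"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// SystemCertPool returns a copy of the system cert pool,
+// returns an error if failed to load or empty pool on windows.
+func SystemCertPool() (*x509.CertPool, error) {
+	certpool, err := x509.SystemCertPool()
+	if err != nil && runtime.GOOS == "windows" {
+		logrus.Warnf("Unable to use system certificate pool: %v", err)
+		return x509.NewCertPool(), nil
+	}
+	return certpool, err
+}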
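Review bot: The Windows branch at file lines 15-17 swallows the load error and hands back an empty pool with only a log warning, so a caller cannot tell whether any system roots were actually loaded, while on every other platform the same failure is returned as an error; the set of trust anchors a caller ends up with therefore depends on the build platform, which deserves to be stated explicitly. The doc comment does not say that clearly and reads awkwardly (`returns an error if failed to load or empty pool on windows`); suggested wording: `// SystemCertPool returns a copy of the system certificate pool. On Windows a load error is logged and an empty pool is returned instead of the error; on other platforms the load error is returned to the caller.` The warning is also logged on every call, so a caller that builds TLS configs repeatedly will emit it repeatedly.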
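--- /dev/null
+++ b/[new file: path not shown on page, pre-go1.7 build variant]
@@ -0,0 +1,16 @@
+// +build !go1.7
+
+package tlsconfig
+
+import (
+	"crypto/x509"
+
+	"github.com/Sirupsen/logrus"
+)
+
+// SystemCertPool returns an new empty cert pool,
+// accessing system cert pool is supported in go 1.7
+func SystemCertPool() (*x509.CertPool, error) {
+	logrus.Warn("Unable to use system certificate pool: requires building with go 1.7 or later")
+	return x509.NewCertPool(), nil
+}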
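Review bot: The doc comment on this build-tag variant has a typo (`an new empty cert pool`) and its second line does not describe what this implementation does: it never consults the system pool and never returns a non-nil error, so callers on older toolchains end up trusting only the CAs they append themselves. Suggested wording: `// SystemCertPool returns a new empty cert pool and logs a warning; loading the system pool requires building with go 1.7 or later (see the go1.7 build variant).` The warning is also emitted on every call rather than once, so code that builds TLS configs repeatedly will log the same line each time; a package-level sync.Once around the logrus.Warn call would keep it to a single message if that matters.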
@@ -68,10 +68,13 @@ func ClientDefault() *tls.Config {
|
| 68 | 68 |
// certPool returns an X.509 certificate pool from `caFile`, the certificate file. |
| 69 | 69 |
func certPool(caFile string) (*x509.CertPool, error) {
|
| 70 | 70 |
// If we should verify the server, we need to load a trusted ca |
| 71 |
- certPool := x509.NewCertPool() |
|
| 71 |
+ certPool, err := SystemCertPool() |
|
| 72 |
+ if err != nil {
|
|
| 73 |
+ return nil, fmt.Errorf("failed to read system certificates: %v", err)
|
|
| 74 |
+ } |
|
| 72 | 75 |
pem, err := ioutil.ReadFile(caFile) |
| 73 | 76 |
if err != nil {
|
| 74 |
- return nil, fmt.Errorf("Could not read CA certificate %q: %v", caFile, err)
|
|
| 77 |
+ return nil, fmt.Errorf("could not read CA certificate %q: %v", caFile, err)
|
|
| 75 | 78 |
} |
| 76 | 79 |
if !certPool.AppendCertsFromPEM(pem) {
|
| 77 | 80 |
return nil, fmt.Errorf("failed to append certificates from PEM file: %q", caFile)
|