From 3a6fe4c5c9bc8119c5468b3d1fa8b7046d87ca8f Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 14 Oct 2014 09:19:45 -0400 Subject: [PATCH] On Red Hat Registry Servers we return 404 on certification errors. We do this to prevent leakage of information, we don't want people to be able to probe for existing content. According to RFC 2616, "This status code (404) is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response i is applicable." https://www.ietf.org/rfc/rfc2616.txt 10.4.4 403 Forbidden The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead. 10.4.5 404 Not Found The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable. When docker is running through its certificates, it should continue trying with a new certificate even if it gets back a 404 error code. Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/registry.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/registry.go b/docs/registry.go index 0c648a94..d1315ed4 100644 --- a/docs/registry.go +++ b/docs/registry.go @@ -147,7 +147,10 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType) (*htt client := newClient(jar, pool, cert, timeout) res, err := client.Do(req) // If this is the last cert, otherwise, continue to next cert if 403 or 5xx - if i == len(certs)-1 || err == nil && res.StatusCode != 403 && res.StatusCode < 500 { + if i == len(certs)-1 || err == nil && + res.StatusCode != 403 && + res.StatusCode != 404 && + res.StatusCode < 500 { return res, client, err } }