registry: don't iterate through certs

the golang tls.Conn does a fine job of that.
http://golang.org/src/pkg/crypto/tls/handshake_client.go?#L334

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Vincent Batts 2014-10-09 13:52:30 -04:00
parent eba996acfb
commit 7dd4199fe8


@ -36,15 +36,12 @@ const (
ConnectTimeout ConnectTimeout
) )
func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client { func newClient(jar http.CookieJar, roots *x509.CertPool, certs []tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
tlsConfig := tls.Config{ tlsConfig := tls.Config{
RootCAs: roots, RootCAs: roots,
// Avoid fallback to SSL protocols < TLS1.0 // Avoid fallback to SSL protocols < TLS1.0
MinVersion: tls.VersionTLS10, MinVersion: tls.VersionTLS10,
} Certificates: certs,
if cert != nil {
tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
} }
if !secure { if !secure {
@ -94,7 +91,7 @@ func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate,
func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) { func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
var ( var (
pool *x509.CertPool pool *x509.CertPool
certs []*tls.Certificate certs []tls.Certificate
) )
if secure && req.URL.Scheme == "https" { if secure && req.URL.Scheme == "https" {
@ -137,7 +134,7 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
certs = append(certs, &cert) certs = append(certs, cert)
} }
if strings.HasSuffix(f.Name(), ".key") { if strings.HasSuffix(f.Name(), ".key") {
keyName := f.Name() keyName := f.Name()
@ -159,19 +156,9 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
return res, client, nil return res, client, nil
} }
for i, cert := range certs { client := newClient(jar, pool, certs, timeout, secure)
client := newClient(jar, pool, cert, timeout, secure)
res, err := client.Do(req) res, err := client.Do(req)
// If this is the last cert, otherwise, continue to next cert if 403 or 5xx
if i == len(certs)-1 || err == nil &&
res.StatusCode != 403 &&
res.StatusCode != 404 &&
res.StatusCode < 500 {
return res, client, err return res, client, err
}
}
return nil, nil, nil
} }
func validateRepositoryName(repositoryName string) error { func validateRepositoryName(repositoryName string) error {
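Review bot: The single `client.Do(req)` at L47 now delegates certificate choice entirely to crypto/tls, and the selection at the linked handshake_client.go line (as I read that Go version) takes the first chain whose issuer appears in the server's CertificateRequest CA list and falls back to the first entry of `Certificates` when that list is empty — so with an empty acceptable-CA list, which identity is presented is decided by the order the `.cert` files were appended at L38, and the second pair is never tried. The removed loop also retried the next cert on 403/404/5xx, which covered a server that accepts the handshake but rejects that identity at the HTTP layer; that fallback is gone and nothing in the hunk says so. I would record the new contract at the call site so the loop is not reintroduced by accident and a silently ignored second cert is explainable: `// All loaded cert/key pairs go to crypto/tls, which picks one by matching the server's acceptable-CA list (first pair wins if that list is empty); there is no per-certificate retry.` doRequest's body begins before this hunk, so the directory-walk that fills `certs` is only partly visible here.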