Fix login and search TLS configuration
Currently login and search do not load per-registry certificates. This is a regression introduced by the last refactor, as this behavior had only recently been fixed. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
parent
c219afdb4b
commit
ba358690c1
3 changed files with 23 additions and 23 deletions
|
@ -13,7 +13,6 @@ import (
|
||||||
"github.com/Sirupsen/logrus"
|
"github.com/Sirupsen/logrus"
|
||||||
"github.com/docker/distribution/registry/api/v2"
|
"github.com/docker/distribution/registry/api/v2"
|
||||||
"github.com/docker/distribution/registry/client/transport"
|
"github.com/docker/distribution/registry/client/transport"
|
||||||
"github.com/docker/docker/pkg/tlsconfig"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// for mocking in unit tests
|
// for mocking in unit tests
|
||||||
|
@ -45,10 +44,11 @@ func scanForAPIVersion(address string) (string, APIVersion) {
|
||||||
|
|
||||||
// NewEndpoint parses the given address to return a registry endpoint.
|
// NewEndpoint parses the given address to return a registry endpoint.
|
||||||
func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) {
|
func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) {
|
||||||
// *TODO: Allow per-registry configuration of endpoints.
|
tlsConfig, err := newTLSConfig(index.Name, index.Secure)
|
||||||
tlsConfig := tlsconfig.ServerDefault
|
if err != nil {
|
||||||
tlsConfig.InsecureSkipVerify = !index.Secure
|
return nil, err
|
||||||
endpoint, err := newEndpoint(index.GetAuthConfigKey(), &tlsConfig, metaHeaders)
|
}
|
||||||
|
endpoint, err := newEndpoint(index.GetAuthConfigKey(), tlsConfig, metaHeaders)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
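Review bot: The certificate directory is chosen by `index.Name` in `newTLSConfig(index.Name, index.Secure)`, while the endpoint itself is built from `index.GetAuthConfigKey()` a few lines later. If those two values can differ for an index (not visible in this hunk), the CA roots and client certificates that get loaded belong to a different name than the host actually contacted. Deriving the hostname from the endpoint address would avoid this; failing that, add a comment such as `// certs are read from CertsDir/<index.Name>; this must name the same host as GetAuthConfigKey()` to make the assumption explicit. NewEndpoint's body continues past the end of the hunk.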
|
@ -49,6 +49,23 @@ func init() {
|
||||||
dockerUserAgent = useragent.AppendVersions("", httpVersion...)
|
dockerUserAgent = useragent.AppendVersions("", httpVersion...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
||||||
|
// PreferredServerCipherSuites should have no effect
|
||||||
|
tlsConfig := tlsconfig.ServerDefault
|
||||||
|
|
||||||
|
tlsConfig.InsecureSkipVerify = !isSecure
|
||||||
|
|
||||||
|
if isSecure {
|
||||||
|
hostDir := filepath.Join(CertsDir, hostname)
|
||||||
|
logrus.Debugf("hostDir: %s", hostDir)
|
||||||
|
if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return &tlsConfig, nil
|
||||||
|
}
|
||||||
|
|
||||||
func hasFile(files []os.FileInfo, name string) bool {
|
func hasFile(files []os.FileInfo, name string) bool {
|
||||||
for _, f := range files {
|
for _, f := range files {
|
||||||
if f.Name() == name {
|
if f.Name() == name {
|
||||||
|
|
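Review bot: `filepath.Join(CertsDir, hostname)` in newTLSConfig cleans `..` components, so a hostname containing a path separator or a parent reference resolves to a directory outside CertsDir. With this commit the value also arrives from `index.Name` via NewEndpoint, and no validation of it is visible in these hunks. A guard before the join would keep the lookup confined, for example `if hostname == "" || hostname == ".." || strings.ContainsAny(hostname, "/\\") { return nil, fmt.Errorf("invalid registry hostname %q", hostname) }`, assuming `strings` and `fmt` are imported in this file. The function also has no doc comment; one line stating that certificate verification is disabled and no per-host certificates are loaded when `isSecure` is false would help callers.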
|
@ -5,10 +5,8 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
|
||||||
"github.com/docker/distribution/registry/client/auth"
|
"github.com/docker/distribution/registry/client/auth"
|
||||||
"github.com/docker/docker/cliconfig"
|
"github.com/docker/docker/cliconfig"
|
||||||
"github.com/docker/docker/pkg/tlsconfig"
|
"github.com/docker/docker/pkg/tlsconfig"
|
||||||
|
@ -99,22 +97,7 @@ func (e APIEndpoint) ToV1Endpoint(metaHeaders http.Header) (*Endpoint, error) {
|
||||||
|
|
||||||
// TLSConfig constructs a client TLS configuration based on server defaults
|
// TLSConfig constructs a client TLS configuration based on server defaults
|
||||||
func (s *Service) TLSConfig(hostname string) (*tls.Config, error) {
|
func (s *Service) TLSConfig(hostname string) (*tls.Config, error) {
|
||||||
// PreferredServerCipherSuites should have no effect
|
return newTLSConfig(hostname, s.Config.isSecureIndex(hostname))
|
||||||
tlsConfig := tlsconfig.ServerDefault
|
|
||||||
|
|
||||||
isSecure := s.Config.isSecureIndex(hostname)
|
|
||||||
|
|
||||||
tlsConfig.InsecureSkipVerify = !isSecure
|
|
||||||
|
|
||||||
if isSecure {
|
|
||||||
hostDir := filepath.Join(CertsDir, hostname)
|
|
||||||
logrus.Debugf("hostDir: %s", hostDir)
|
|
||||||
if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return &tlsConfig, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
|
func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
|
||||||
|
|
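Review bot: The doc comment on TLSConfig still says only "based on server defaults", although the method is now a one-line wrapper around `newTLSConfig(hostname, s.Config.isSecureIndex(hostname))`. Per the helper shown in this commit, the returned config has `InsecureSkipVerify` set whenever the hostname is not a secure index, which a caller cannot learn from the exported comment. Suggested wording: `// TLSConfig returns the client TLS configuration for hostname: per-host certificates under CertsDir are loaded for secure indexes, and certificate verification is skipped for insecure ones.`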