Fix login and search TLS configuration

Currently login and search do not load per-registry certificates.
This is a regression caused by the last refactor, since this had only recently been fixed.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Derek McGowan 2015-07-28 10:36:57 -07:00
parent c219afdb4b
commit ba358690c1
3 changed files with 23 additions and 23 deletions


@ -13,7 +13,6 @@ import (
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/docker/distribution/registry/api/v2" "github.com/docker/distribution/registry/api/v2"
"github.com/docker/distribution/registry/client/transport" "github.com/docker/distribution/registry/client/transport"
"github.com/docker/docker/pkg/tlsconfig"
) )
// for mocking in unit tests // for mocking in unit tests
@ -45,10 +44,11 @@ func scanForAPIVersion(address string) (string, APIVersion) {
// NewEndpoint parses the given address to return a registry endpoint. // NewEndpoint parses the given address to return a registry endpoint.
func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) { func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) {
// *TODO: Allow per-registry configuration of endpoints. tlsConfig, err := newTLSConfig(index.Name, index.Secure)
tlsConfig := tlsconfig.ServerDefault if err != nil {
tlsConfig.InsecureSkipVerify = !index.Secure return nil, err
endpoint, err := newEndpoint(index.GetAuthConfigKey(), &tlsConfig, metaHeaders) }
endpoint, err := newEndpoint(index.GetAuthConfigKey(), tlsConfig, metaHeaders)
if err != nil { if err != nil {
return nil, err return nil, err
} }
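Review bot: NewEndpoint now looks up certificates under the directory named by `index.Name` but builds the endpoint from `index.GetAuthConfigKey()`, and nothing in the hunk shows that the two always name the same host. If they can differ, the certificates would be read from one registry's directory while the connection goes to another host. A comment such as `// certs are read from CertsDir/<index.Name>; must match the host of GetAuthConfigKey()` would make the assumption explicit. The rest of NewEndpoint's body lies outside the hunk.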


@ -49,6 +49,23 @@ func init() {
dockerUserAgent = useragent.AppendVersions("", httpVersion...) dockerUserAgent = useragent.AppendVersions("", httpVersion...)
} }
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
// PreferredServerCipherSuites should have no effect
tlsConfig := tlsconfig.ServerDefault
tlsConfig.InsecureSkipVerify = !isSecure
if isSecure {
hostDir := filepath.Join(CertsDir, hostname)
logrus.Debugf("hostDir: %s", hostDir)
if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
return nil, err
}
}
return &tlsConfig, nil
}
func hasFile(files []os.FileInfo, name string) bool { func hasFile(files []os.FileInfo, name string) bool {
for _, f := range files { for _, f := range files {
if f.Name() == name { if f.Name() == name {
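Review bot: In newTLSConfig, `hostname` goes straight into `filepath.Join(CertsDir, hostname)`, and Join cleans the result, so an empty name resolves to CertsDir itself and a name containing `..` or a path separator resolves outside the per-registry directory. This helper is now reached from both NewEndpoint (with `index.Name`) and Service.TLSConfig, so it is the one place to reject such names before the join, for example `if hostname == "" || hostname == ".." || strings.ContainsAny(hostname, "/\\") { return nil, fmt.Errorf("invalid registry hostname %q", hostname) }`. Whether callers already validate the name is not visible here, and the file's import block is not shown, so `strings` and `fmt` may need adding.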


@ -5,10 +5,8 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"path/filepath"
"strings" "strings"
"github.com/Sirupsen/logrus"
"github.com/docker/distribution/registry/client/auth" "github.com/docker/distribution/registry/client/auth"
"github.com/docker/docker/cliconfig" "github.com/docker/docker/cliconfig"
"github.com/docker/docker/pkg/tlsconfig" "github.com/docker/docker/pkg/tlsconfig"
@ -99,22 +97,7 @@ func (e APIEndpoint) ToV1Endpoint(metaHeaders http.Header) (*Endpoint, error) {
// TLSConfig constructs a client TLS configuration based on server defaults // TLSConfig constructs a client TLS configuration based on server defaults
func (s *Service) TLSConfig(hostname string) (*tls.Config, error) { func (s *Service) TLSConfig(hostname string) (*tls.Config, error) {
// PreferredServerCipherSuites should have no effect return newTLSConfig(hostname, s.Config.isSecureIndex(hostname))
tlsConfig := tlsconfig.ServerDefault
isSecure := s.Config.isSecureIndex(hostname)
tlsConfig.InsecureSkipVerify = !isSecure
if isSecure {
hostDir := filepath.Join(CertsDir, hostname)
logrus.Debugf("hostDir: %s", hostDir)
if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
return nil, err
}
}
return &tlsConfig, nil
} }
func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) { func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
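Review bot: The doc comment on Service.TLSConfig no longer tells a caller that certificate verification can be switched off, now that the body is a single call into newTLSConfig. I would extend it to `// TLSConfig constructs a client TLS configuration for hostname based on server defaults. Verification is skipped (InsecureSkipVerify) and no per-registry certificates are loaded when hostname is not a secure index.` The helper itself has no doc comment in its own hunk, so the same sentence would fit there too.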