From 11380a109e53bc5f388b6212c12794609c0241eb Mon Sep 17 00:00:00 2001
From: Erik Hollensbe
Date: Wed, 12 Nov 2014 09:08:45 -0800
Subject: [PATCH] registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe (github: erikh)
---
 registry/endpoint.go | 20 +++++++++++++-------
 registry/registry_test.go | 24 ++++++------------------
 2 files changed, 19 insertions(+), 25 deletions(-)
diff --git a/registry/endpoint.go b/registry/endpoint.go
index cb96cb4fc2..0d0749d7a2 100644
--- a/registry/endpoint.go
+++ b/registry/endpoint.go
@@ -152,19 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
 // IsSecure returns false if the provided hostname is part of the list of insecure registries.
 // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
 func IsSecure(hostname string, insecureRegistries []string) bool {
+
 if hostname == IndexServerAddress() {
 return true
 }
+
+ host, _, err := net.SplitHostPort(hostname)
+
+ if err != nil {
+ host = hostname
+ }
+
+ if host == "127.0.0.1" || host == "localhost" {
+ return false
+ }
+
 if len(insecureRegistries) == 0 {
- host, _, err := net.SplitHostPort(hostname)
- if err != nil {
- host = hostname
- }
- if host == "127.0.0.1" || host == "localhost" {
- return false
- }
 return true
 }
+
 for _, h := range insecureRegistries {
 if hostname == h {
 return false
diff --git a/registry/registry_test.go b/registry/registry_test.go
index 7191acea30..032c9fbf03 100644
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
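Review bot: In registry/endpoint.go, IsSecure now returns false for `127.0.0.1` and `localhost` before `insecureRegistries` is consulted, so as far as this hunk shows no configuration holds a local registry to verified TLS, and the doc comment above the function still describes only the list. The check is a literal string comparison: `localhost` is whatever the resolver or hosts file maps it to, while `::1` and the rest of 127.0.0.0/8 fall through to the secure path. Consider `if ip := net.ParseIP(host); host == "localhost" || (ip != nil && ip.IsLoopback()) { return false }`, and add to the doc comment `// Loopback hosts (127.0.0.1, localhost) are always treated as insecure, regardless of insecureRegistries.`. The body of IsSecure continues past the end of this hunk.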
@@ -328,31 +328,19 @@ func TestIsSecure(t *testing.T) {
 }{
 {"example.com", []string{}, true},
 {"example.com", []string{"example.com"}, false},
- {"localhost", []string{"localhost:5000"}, true},
+ {"localhost", []string{"localhost:5000"}, false},
 {"localhost:5000", []string{"localhost:5000"}, false},
- {"localhost", []string{"example.com"}, true},
+ {"localhost", []string{"example.com"}, false},
 {"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
- }
- for _, tt := range tests {
- if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
- t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
- }
- }
-}
-
-func TestIsSecure(t *testing.T) {
- tests := []struct {
- addr string
- insecureRegistries []string
- expected bool
- }{
 {"localhost", []string{}, false},
 {"localhost:5000", []string{}, false},
 {"127.0.0.1", []string{}, false},
- {"localhost", []string{"example.com"}, true},
- {"127.0.0.1", []string{"example.com"}, true},
+ {"localhost", []string{"example.com"}, false},
+ {"127.0.0.1", []string{"example.com"}, false},
 {"example.com", []string{}, true},
 {"example.com", []string{"example.com"}, false},
+ {"127.0.0.1", []string{"example.com"}, false},
+ {"127.0.0.1:5000", []string{"example.com"}, false},
 }
 for _, tt := range tests {
 if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
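Review bot: The merged table in TestIsSecure now lists four cases twice (`{"localhost", []string{"example.com"}, false}`, `{"127.0.0.1", []string{"example.com"}, false}` and both `example.com` rows), which adds no coverage. What the table lacks is a negative case pinning that the loopback exemption is an exact host match, for example a constructed row such as `{"localhost.example.com", []string{}, true}`, so that a later loosening of the comparison fails the test instead of silently widening the set of registries that skip TLS verification. The test function starts above this hunk and ends below it.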