mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #8577 from vbatts/vbatts-registry_certs

registry: don't iterate through certs
unclejack 2014-11-05 09:46:24 +02:00
commit 662efd95c7


@ -36,15 +36,12 @@ const (
ConnectTimeout
)
func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
func newClient(jar http.CookieJar, roots *x509.CertPool, certs []tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
tlsConfig := tls.Config{
RootCAs: roots,
// Avoid fallback to SSL protocols < TLS1.0
MinVersion: tls.VersionTLS10,
}
if cert != nil {
tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
MinVersion: tls.VersionTLS10,
Certificates: certs,
}
if !secure {
@ -94,7 +91,7 @@ func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate,
func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
var (
pool *x509.CertPool
certs []*tls.Certificate
certs []tls.Certificate
)
if secure && req.URL.Scheme == "https" {
@ -137,7 +134,7 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
if err != nil {
return nil, nil, err
}
certs = append(certs, &cert)
certs = append(certs, cert)
}
if strings.HasSuffix(f.Name(), ".key") {
keyName := f.Name()
@ -159,19 +156,9 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
return res, client, nil
}
for i, cert := range certs {
client := newClient(jar, pool, cert, timeout, secure)
res, err := client.Do(req)
// If this is the last cert, otherwise, continue to next cert if 403 or 5xx
if i == len(certs)-1 || err == nil &&
res.StatusCode != 403 &&
res.StatusCode != 404 &&
res.StatusCode < 500 {
return res, client, err
}
}
return nil, nil, nil
client := newClient(jar, pool, certs, timeout, secure)
res, err := client.Do(req)
return res, client, err
}
func validateRepositoryName(repositoryName string) error {
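Review bot: When several key pairs are loaded and the server's CertificateRequest names no acceptable CAs, only the first entry of `certs` is ever presented, because `Certificates: certs` in newClient leaves selection to crypto/tls and the single `client.Do(req)` at the end of doRequest no longer falls back to another certificate on 403/404/5xx as the removed loop did. Which certificate is sent then depends on the order in which the pairs were appended; the loading loop is only partly visible in these hunks, so how that order is determined cannot be confirmed from here. I would state this contract on newClient, for example `// newClient offers every entry of certs; crypto/tls picks one from the server's CertificateRequest and uses the first entry when no CA list is sent.`, and note in doRequest that a rejection is now returned to the caller as-is. Both function bodies start or continue outside the hunks shown.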