From bcd0f0cdc48180307d15c854f75e000b72f12ac8 Mon Sep 17 00:00:00 2001
From: Michal Gebauer <mishak@mishak.net>
Date: Thu, 19 Nov 2015 23:30:29 +0100
Subject: [PATCH] Check if CertsDir is not empty

Signed-off-by: Michal Gebauer <mishak@mishak.net>
---
 registry/config_unix.go | 2 ++
 registry/registry.go    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/registry/config_unix.go b/registry/config_unix.go
index 32f167d08b..df970181de 100644
--- a/registry/config_unix.go
+++ b/registry/config_unix.go
@@ -8,7 +8,9 @@ const (
 
 	// DefaultV2Registry is the URI of the default v2 registry
 	DefaultV2Registry = "https://registry-1.docker.io"
+)
 
+var (
 	// CertsDir is the directory where certificates are stored
 	CertsDir = "/etc/docker/certs.d"
 )
diff --git a/registry/registry.go b/registry/registry.go
index 9c8666eaca..6a0587a237 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -62,7 +62,7 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 
 	tlsConfig.InsecureSkipVerify = !isSecure
 
-	if isSecure {
+	if isSecure && CertsDir != "" {
 		hostDir := filepath.Join(CertsDir, cleanPath(hostname))
 		logrus.Debugf("hostDir: %s", hostDir)
 		if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {