mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
5e8af46fda
With the --insecure-registry daemon option (or talking to a registry on
a local IP), the daemon will first try TLS, and then try plaintext if
something goes wrong with the push or pull. It doesn't make sense to try
plaintext if a HTTP request went through while using TLS. This commit
changes the logic to keep track of host/port combinations where a TLS
attempt managed to do at least one HTTP request (whether the response
code indicated success or not). If the host/port responded to a HTTP
using TLS, we won't try to make plaintext HTTP requests to it.
This will result in better error messages, which sometimes ended up
showing the result of the plaintext attempt, like this:
Error response from daemon: Get
http://myregistrydomain.com:5000/v2/: malformed HTTP response
"\x15\x03\x01\x00\x02\x02"
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
|
||
|---|---|---|
| .. | ||
| fixtures/validate_manifest | ||
| metadata | ||
| xfer | ||
| errors.go | ||
| pull.go | ||
| pull_v1.go | ||
| pull_v2.go | ||
| pull_v2_test.go | ||
| pull_v2_unix.go | ||
| pull_v2_windows.go | ||
| push.go | ||
| push_v1.go | ||
| push_v2.go | ||
| registry.go | ||
| registry_unit_test.go | ||