Fix login and search TLS configuration

Currently login and search do not load per registry certificates. This is a regression caused by the last refactor since this was recently fixed. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-28 10:36:57 -07:00 · 2015-07-28 10:36:57 -07:00 · ba358690c1
parent c219afdb4b
commit ba358690c1
3 changed files with 23 additions and 23 deletions
--- a/docs/endpoint.go
+++ b/docs/endpoint.go
@ -13,7 +13,6 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client/transport"
-	"github.com/docker/docker/pkg/tlsconfig"
 )

 // for mocking in unit tests
@ -45,10 +44,11 @@ func scanForAPIVersion(address string) (string, APIVersion) {

 // NewEndpoint parses the given address to return a registry endpoint.
 func NewEndpoint(index *IndexInfo, metaHeaders http.Header) (*Endpoint, error) {
-	// *TODO: Allow per-registry configuration of endpoints.
-	tlsConfig := tlsconfig.ServerDefault
-	tlsConfig.InsecureSkipVerify = !index.Secure
-	endpoint, err := newEndpoint(index.GetAuthConfigKey(), &tlsConfig, metaHeaders)
+	tlsConfig, err := newTLSConfig(index.Name, index.Secure)
+	if err != nil {
+		return nil, err
+	}
+	endpoint, err := newEndpoint(index.GetAuthConfigKey(), tlsConfig, metaHeaders)
 	if err != nil {
 		return nil, err
 	}
--- a/docs/registry.go
+++ b/docs/registry.go
@ -49,6 +49,23 @@ func init() {
 	dockerUserAgent = useragent.AppendVersions("", httpVersion...)
 }

+func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
+	// PreferredServerCipherSuites should have no effect
+	tlsConfig := tlsconfig.ServerDefault
+
+	tlsConfig.InsecureSkipVerify = !isSecure
+
+	if isSecure {
+		hostDir := filepath.Join(CertsDir, hostname)
+		logrus.Debugf("hostDir: %s", hostDir)
+		if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
+			return nil, err
+		}
+	}
+
+	return &tlsConfig, nil
+}
+
 func hasFile(files []os.FileInfo, name string) bool {
 	for _, f := range files {
 		if f.Name() == name {
--- a/docs/service.go
+++ b/docs/service.go
@ -5,10 +5,8 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
-	"path/filepath"
 	"strings"

-	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/docker/cliconfig"
 	"github.com/docker/docker/pkg/tlsconfig"
@ -99,22 +97,7 @@ func (e APIEndpoint) ToV1Endpoint(metaHeaders http.Header) (*Endpoint, error) {

 // TLSConfig constructs a client TLS configuration based on server defaults
 func (s *Service) TLSConfig(hostname string) (*tls.Config, error) {
-	// PreferredServerCipherSuites should have no effect
-	tlsConfig := tlsconfig.ServerDefault
-
-	isSecure := s.Config.isSecureIndex(hostname)
-
-	tlsConfig.InsecureSkipVerify = !isSecure
-
-	if isSecure {
-		hostDir := filepath.Join(CertsDir, hostname)
-		logrus.Debugf("hostDir: %s", hostDir)
-		if err := ReadCertsDirectory(&tlsConfig, hostDir); err != nil {
-			return nil, err
-		}
-	}
-
-	return &tlsConfig, nil
+	return newTLSConfig(hostname, s.Config.isSecureIndex(hostname))
 }

 func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {