Merge pull request #11477 from dmcgowan/fix-auth-http-client

Update auth client configuration to use proper tls config
This commit is contained in:
Arnaud Porterie 2015-03-19 14:17:47 -07:00
commit 4377a9a3bc

View File

@ -1,6 +1,7 @@
package registry package registry
import ( import (
"crypto/tls"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
@ -70,10 +71,19 @@ func (auth *RequestAuthorization) getToken() (string, error) {
return auth.tokenCache, nil return auth.tokenCache, nil
} }
tlsConfig := tls.Config{
MinVersion: tls.VersionTLS10,
}
if !auth.registryEndpoint.IsSecure {
tlsConfig.InsecureSkipVerify = true
}
client := &http.Client{ client := &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
DisableKeepAlives: true, DisableKeepAlives: true,
Proxy: http.ProxyFromEnvironment}, Proxy: http.ProxyFromEnvironment,
TLSClientConfig: &tlsConfig,
},
CheckRedirect: AddRequiredHeadersToRedirectedRequests, CheckRedirect: AddRequiredHeadersToRedirectedRequests,
} }
factory := HTTPRequestFactory(nil) factory := HTTPRequestFactory(nil)
@ -362,10 +372,18 @@ func loginV1(authConfig *AuthConfig, registryEndpoint *Endpoint, factory *utils.
func loginV2(authConfig *AuthConfig, registryEndpoint *Endpoint, factory *utils.HTTPRequestFactory) (string, error) { func loginV2(authConfig *AuthConfig, registryEndpoint *Endpoint, factory *utils.HTTPRequestFactory) (string, error) {
log.Debugf("attempting v2 login to registry endpoint %s", registryEndpoint) log.Debugf("attempting v2 login to registry endpoint %s", registryEndpoint)
tlsConfig := tls.Config{
MinVersion: tls.VersionTLS10,
}
if !registryEndpoint.IsSecure {
tlsConfig.InsecureSkipVerify = true
}
client := &http.Client{ client := &http.Client{
Transport: &http.Transport{ Transport: &http.Transport{
DisableKeepAlives: true, DisableKeepAlives: true,
Proxy: http.ProxyFromEnvironment, Proxy: http.ProxyFromEnvironment,
TLSClientConfig: &tlsConfig,
}, },
CheckRedirect: AddRequiredHeadersToRedirectedRequests, CheckRedirect: AddRequiredHeadersToRedirectedRequests,
} }