Fix race in httpsRequestModifier.ModifyRequest when writing tlsConfig
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
This commit is contained in:
parent
a1ade52bb6
commit
8fc7d769ab
@ -14,6 +14,7 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Sirupsen/logrus"
|
"github.com/Sirupsen/logrus"
|
||||||
@ -56,7 +57,10 @@ func init() {
|
|||||||
dockerUserAgent = useragent.AppendVersions("", httpVersion...)
|
dockerUserAgent = useragent.AppendVersions("", httpVersion...)
|
||||||
}
|
}
|
||||||
|
|
||||||
type httpsRequestModifier struct{ tlsConfig *tls.Config }
|
type httpsRequestModifier struct {
|
||||||
|
mu sync.Mutex
|
||||||
|
tlsConfig *tls.Config
|
||||||
|
}
|
||||||
|
|
||||||
// DRAGONS(tiborvass): If someone wonders why do we set tlsconfig in a roundtrip,
|
// DRAGONS(tiborvass): If someone wonders why do we set tlsconfig in a roundtrip,
|
||||||
// it's because it's so as to match the current behavior in master: we generate the
|
// it's because it's so as to match the current behavior in master: we generate the
|
||||||
@ -125,8 +129,10 @@ func (m *httpsRequestModifier) ModifyRequest(req *http.Request) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
m.mu.Lock()
|
||||||
m.tlsConfig.RootCAs = roots
|
m.tlsConfig.RootCAs = roots
|
||||||
m.tlsConfig.Certificates = certs
|
m.tlsConfig.Certificates = certs
|
||||||
|
m.mu.Unlock()
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -175,7 +181,7 @@ func NewTransport(timeout TimeoutType, secure bool) http.RoundTripper {
|
|||||||
if secure {
|
if secure {
|
||||||
// note: httpsTransport also handles http transport
|
// note: httpsTransport also handles http transport
|
||||||
// but for HTTPS, it sets up the certs
|
// but for HTTPS, it sets up the certs
|
||||||
return transport.NewTransport(tr, &httpsRequestModifier{tlsConfig})
|
return transport.NewTransport(tr, &httpsRequestModifier{tlsConfig: tlsConfig})
|
||||||
}
|
}
|
||||||
|
|
||||||
return tr
|
return tr
|
||||||
|
Loading…
Reference in New Issue
Block a user