Fix race in httpsRequestModifier.ModifyRequest when writing tlsConfig

Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Antonio Murdaca 2015-05-23 23:50:08 +02:00
parent a1ade52bb6
commit 8fc7d769ab


@ -14,6 +14,7 @@ import (
"path/filepath" "path/filepath"
"runtime" "runtime"
"strings" "strings"
"sync"
"time" "time"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
@ -56,7 +57,10 @@ func init() {
dockerUserAgent = useragent.AppendVersions("", httpVersion...) dockerUserAgent = useragent.AppendVersions("", httpVersion...)
} }
type httpsRequestModifier struct{ tlsConfig *tls.Config } type httpsRequestModifier struct {
mu sync.Mutex
tlsConfig *tls.Config
}
// DRAGONS(tiborvass): If someone wonders why do we set tlsconfig in a roundtrip, // DRAGONS(tiborvass): If someone wonders why do we set tlsconfig in a roundtrip,
// it's because it's so as to match the current behavior in master: we generate the // it's because it's so as to match the current behavior in master: we generate the
@ -125,8 +129,10 @@ func (m *httpsRequestModifier) ModifyRequest(req *http.Request) error {
} }
} }
} }
m.mu.Lock()
m.tlsConfig.RootCAs = roots m.tlsConfig.RootCAs = roots
m.tlsConfig.Certificates = certs m.tlsConfig.Certificates = certs
m.mu.Unlock()
} }
return nil return nil
} }
@ -175,7 +181,7 @@ func NewTransport(timeout TimeoutType, secure bool) http.RoundTripper {
if secure { if secure {
// note: httpsTransport also handles http transport // note: httpsTransport also handles http transport
// but for HTTPS, it sets up the certs // but for HTTPS, it sets up the certs
return transport.NewTransport(tr, &httpsRequestModifier{tlsConfig}) return transport.NewTransport(tr, &httpsRequestModifier{tlsConfig: tlsConfig})
} }
return tr return tr
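Review bot: The `m.mu.Lock()` / `m.mu.Unlock()` pair added in ModifyRequest serialises only the two writes to `m.tlsConfig.RootCAs` and `m.tlsConfig.Certificates`; no reader in these hunks takes `m.mu`. NewTransport hands the same `tlsConfig` pointer to the modifier, and if that pointer is also the transport's TLS client config (the construction of `tr` is outside the hunk), the handshake code reads those fields without the lock, so the race likely remains. The practical risk is a connection handshaking with roots or client certificates that another request just swapped in. Consider populating the config once before the transport is used, or giving each host its own copy instead of mutating a shared `*tls.Config` per request. At minimum, document the field with `// mu guards writes to tlsConfig.RootCAs and tlsConfig.Certificates; readers in net/http do not take it`. ModifyRequest's body begins outside the hunk, so whether `roots` and `certs` are computed from shared state before the lock cannot be checked here.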