6c2626b90e
This patch creates a new `tlsconfig` package to handle creation of secure-enough TLS configurations for clients and servers. The package was created by refactoring TLS code in the client and the daemon. After this patch, it is expected that all code creating TLS configurations use this `tlsconfig` package for greater security, consistency and readability. On the server side, this fixes a bug where --tlsverify was not taken into account. Now, if specified, it will require the client to authenticate. Signed-off-by: Tibor Vass <tibor@docker.com>
package sockets
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"net"
|
|
|
|
"github.com/docker/docker/pkg/listenbuffer"
|
|
)
|
|
|
|
func NewTcpSocket(addr string, tlsConfig *tls.Config, activate <-chan struct{}) (net.Listener, error) {
|
|
l, err := listenbuffer.NewListenBuffer("tcp", addr, activate)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if tlsConfig != nil {
|
|
tlsConfig.NextProtos = []string{"http/1.1"}
|
|
l = tls.NewListener(l, tlsConfig)
|
|
}
|
|
return l, nil
|
|
}
|
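Review bot: `tlsConfig.NextProtos = []string{"http/1.1"}` writes into the caller-supplied `*tls.Config`, silently overwriting any NextProtos the caller (now presumably the new `tlsconfig` package) configured and affecting every other listener or client that shares that pointer; either document this side effect or work on a copy of the config before wrapping the listener (note that copying a `tls.Config` by value needs care, since the struct carries internal state). The function also lacks a doc comment; I would add `// NewTcpSocket listens on addr and, when tlsConfig is non-nil, wraps the listener with TLS. A nil tlsConfig yields a plaintext TCP listener, so the caller is responsible for supplying a config with the desired ClientAuth/--tlsverify policy.` so the plaintext fallback and the fact that client-certificate enforcement is entirely decided by the passed config are explicit. As a point of style, the exported name would conventionally be `NewTCPSocket` (initialisms keep their case), and the `listenbuffer.NewListenBuffer` error could be wrapped with the address for context, e.g. `return nil, fmt.Errorf("listening on %q: %v", addr, err)`.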