diff --git a/docs/auth.go b/docs/auth.go index 3207c87e..bb91c95c 100644 --- a/docs/auth.go +++ b/docs/auth.go @@ -1,6 +1,7 @@ package registry import ( + "crypto/tls" "encoding/base64" "encoding/json" "errors" @@ -70,10 +71,19 @@ func (auth *RequestAuthorization) getToken() (string, error) { return auth.tokenCache, nil } + tlsConfig := tls.Config{ + MinVersion: tls.VersionTLS10, + } + if !auth.registryEndpoint.IsSecure { + tlsConfig.InsecureSkipVerify = true + } + client := &http.Client{ Transport: &http.Transport{ DisableKeepAlives: true, - Proxy: http.ProxyFromEnvironment}, + Proxy: http.ProxyFromEnvironment, + TLSClientConfig: &tlsConfig, + }, CheckRedirect: AddRequiredHeadersToRedirectedRequests, } factory := HTTPRequestFactory(nil) @@ -362,10 +372,18 @@ func loginV1(authConfig *AuthConfig, registryEndpoint *Endpoint, factory *utils. func loginV2(authConfig *AuthConfig, registryEndpoint *Endpoint, factory *utils.HTTPRequestFactory) (string, error) { log.Debugf("attempting v2 login to registry endpoint %s", registryEndpoint) + tlsConfig := tls.Config{ + MinVersion: tls.VersionTLS10, + } + if !registryEndpoint.IsSecure { + tlsConfig.InsecureSkipVerify = true + } + client := &http.Client{ Transport: &http.Transport{ DisableKeepAlives: true, Proxy: http.ProxyFromEnvironment, + TLSClientConfig: &tlsConfig, }, CheckRedirect: AddRequiredHeadersToRedirectedRequests, }