registry: don't iterate through certs
the golang tls.Conn does a fine job of that. http://golang.org/src/pkg/crypto/tls/handshake_client.go?#L334 Signed-off-by: Vincent Batts <vbatts@redhat.com>
parent
eba996acfb
commit
7dd4199fe8
1 changed files with 8 additions and 21 deletions
|
@ -36,15 +36,12 @@ const (
|
||||||
ConnectTimeout
|
ConnectTimeout
|
||||||
)
|
)
|
||||||
|
|
||||||
func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
|
func newClient(jar http.CookieJar, roots *x509.CertPool, certs []tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
|
||||||
tlsConfig := tls.Config{
|
tlsConfig := tls.Config{
|
||||||
RootCAs: roots,
|
RootCAs: roots,
|
||||||
// Avoid fallback to SSL protocols < TLS1.0
|
// Avoid fallback to SSL protocols < TLS1.0
|
||||||
MinVersion: tls.VersionTLS10,
|
MinVersion: tls.VersionTLS10,
|
||||||
}
|
Certificates: certs,
|
||||||
|
|
||||||
if cert != nil {
|
|
||||||
tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !secure {
|
if !secure {
|
||||||
|
@ -94,7 +91,7 @@ func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate,
|
||||||
func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
|
func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
|
||||||
var (
|
var (
|
||||||
pool *x509.CertPool
|
pool *x509.CertPool
|
||||||
certs []*tls.Certificate
|
certs []tls.Certificate
|
||||||
)
|
)
|
||||||
|
|
||||||
if secure && req.URL.Scheme == "https" {
|
if secure && req.URL.Scheme == "https" {
|
||||||
|
@ -137,7 +134,7 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
certs = append(certs, &cert)
|
certs = append(certs, cert)
|
||||||
}
|
}
|
||||||
if strings.HasSuffix(f.Name(), ".key") {
|
if strings.HasSuffix(f.Name(), ".key") {
|
||||||
keyName := f.Name()
|
keyName := f.Name()
|
||||||
|
@ -159,20 +156,10 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
|
||||||
return res, client, nil
|
return res, client, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, cert := range certs {
|
client := newClient(jar, pool, certs, timeout, secure)
|
||||||
client := newClient(jar, pool, cert, timeout, secure)
|
|
||||||
res, err := client.Do(req)
|
res, err := client.Do(req)
|
||||||
// If this is the last cert, otherwise, continue to next cert if 403 or 5xx
|
|
||||||
if i == len(certs)-1 || err == nil &&
|
|
||||||
res.StatusCode != 403 &&
|
|
||||||
res.StatusCode != 404 &&
|
|
||||||
res.StatusCode < 500 {
|
|
||||||
return res, client, err
|
return res, client, err
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return nil, nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func validateRepositoryName(repositoryName string) error {
|
func validateRepositoryName(repositoryName string) error {
|
||||||
var (
|
var (
|
||||||
|
|
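Review bot: With the per-certificate retry on 403/404/5xx removed, the new `client := newClient(jar, pool, certs, timeout, secure)` in the last hunk relies entirely on the TLS layer to choose the client certificate, and that choice is made by issuer rather than by trial and error — as far as I can tell from the linked handshake_client.go, the client sends the first certificate whose issuer matches one of the CAs named in the server's CertificateRequest, and simply the first certificate in the slice when the server names no CAs. A registry that requests client auth without advertising CAs will therefore always be offered the first cert loaded from the directory, and an authorization failure now comes back as the HTTP status instead of moving on to the next cert, which is a behavior change worth stating on newClient, e.g. `// certs are all offered via tls.Config.Certificates; the handshake picks one by matching the server's requested CA list (the first cert when none is requested), so callers no longer retry per certificate.` Separately, `res, err := client.Do(req)` followed by `return res, client, err` hands back a non-nil client next to a nil response on error; `return nil, nil, err` in the error case would match the earlier error returns in doRequest shown in the third hunk. doRequest begins outside this hunk and the hunk's tail cuts into validateRepositoryName.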