diff --git a/registry/endpoint.go b/registry/endpoint.go index 88dbeafd96..0d0749d7a2 100644 --- a/registry/endpoint.go +++ b/registry/endpoint.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "io/ioutil" + "net" "net/http" "net/url" "strings" @@ -151,10 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) { // IsSecure returns false if the provided hostname is part of the list of insecure registries. // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. func IsSecure(hostname string, insecureRegistries []string) bool { + if hostname == IndexServerAddress() { return true } + host, _, err := net.SplitHostPort(hostname) + + if err != nil { + host = hostname + } + + if host == "127.0.0.1" || host == "localhost" { + return false + } + + if len(insecureRegistries) == 0 { + return true + } + for _, h := range insecureRegistries { if hostname == h { return false diff --git a/registry/registry_test.go b/registry/registry_test.go index f7b5168b45..032c9fbf03 100644 --- a/registry/registry_test.go +++ b/registry/registry_test.go @@ -328,10 +328,19 @@ func TestIsSecure(t *testing.T) { }{ {"example.com", []string{}, true}, {"example.com", []string{"example.com"}, false}, - {"localhost", []string{"localhost:5000"}, true}, + {"localhost", []string{"localhost:5000"}, false}, {"localhost:5000", []string{"localhost:5000"}, false}, - {"localhost", []string{"example.com"}, true}, + {"localhost", []string{"example.com"}, false}, {"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false}, + {"localhost", []string{}, false}, + {"localhost:5000", []string{}, false}, + {"127.0.0.1", []string{}, false}, + {"localhost", []string{"example.com"}, false}, + {"127.0.0.1", []string{"example.com"}, false}, + {"example.com", []string{}, true}, + {"example.com", []string{"example.com"}, false}, + {"127.0.0.1", []string{"example.com"}, false}, + {"127.0.0.1:5000", []string{"example.com"}, false}, } for _, tt := range tests { if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {