From a2d887b6f5a1a97b6bc5d015054f7d290088892c Mon Sep 17 00:00:00 2001
From: Dmitry Sharshakov
Date: Mon, 25 Nov 2019 13:12:54 +0300
Subject: [PATCH] Use certs.d from XDG_CONFIG_HOME when in rootless mode

Signed-off-by: Dmitry Sharshakov
(cherry picked from commit f4fa98f583a64d736eea1bb3a8fab755e159fdf4)
Signed-off-by: Akihiro Suda
---
 registry/registry.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/registry/registry.go b/registry/registry.go
index 6727b7dc32..3d1e1aa58a 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -17,6 +17,9 @@ import (
 "github.com/docker/go-connections/sockets"
 "github.com/docker/go-connections/tlsconfig"
 "github.com/sirupsen/logrus"
+
+ "github.com/docker/docker/pkg/homedir"
+ "github.com/docker/docker/rootless"
 )
 
 var (
@@ -32,7 +35,19 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 tlsConfig.InsecureSkipVerify = !isSecure
 
 if isSecure && CertsDir != "" {
- hostDir := filepath.Join(CertsDir, cleanPath(hostname))
+ certsDir := CertsDir
+
+ if rootless.RunningWithRootlessKit() {
+ configHome, err := homedir.GetConfigHome()
+ if err != nil {
+ return nil, err
+ }
+
+ certsDir = filepath.Join(configHome, "docker/certs.d")
+ }
+
+ hostDir := filepath.Join(certsDir, cleanPath(hostname))
+
 logrus.Debugf("hostDir: %s", hostDir)
 if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
 return nil, err
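Review bot: In the rootless branch of newTLSConfig the configured `CertsDir` value is discarded, so the CA roots and client key pairs that ReadCertsDirectory loads now come from a path derived from `homedir.GetConfigHome()` (tied to XDG_CONFIG_HOME by the commit title), and nothing at the call site records that the trust-store location follows the daemon's environment. A comment above `if rootless.RunningWithRootlessKit() {` such as `// Rootless: registry CA roots and client certs are read from the user's config home instead of CertsDir, so the daemon's environment decides which roots are trusted.` would make that explicit, and the doc comment on the exported `CertsDir` should say it is only a non-empty guard under RootlessKit. The `GetConfigHome` error is also returned bare, so a daemon without a resolvable config home presumably fails every secure registry connection with a message that never mentions certs.d; wrapping it with that context would help operators. The body of newTLSConfig starts before and continues past this hunk.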