
registry: don't iterate through certs

the golang tls.Conn does a fine job of that.
http://golang.org/src/pkg/crypto/tls/handshake_client.go?#L334

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Vincent Batts 10 years ago
parent
commit
a368e064a9
1 changed files with 8 additions and 21 deletions
  1. 8 21
      registry/registry.go

+ 8 - 21
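--- a/registry/registry.go
+++ b/registry/registry.go
@@ -36,15 +36,12 @@ const (
 	ConnectTimeout
 )
 
-func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
+func newClient(jar http.CookieJar, roots *x509.CertPool, certs []tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
 	tlsConfig := tls.Config{
 		RootCAs: roots,
 		// Avoid fallback to SSL protocols < TLS1.0
-		MinVersion: tls.VersionTLS10,
-	}
-
-	if cert != nil {
-		tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
+		MinVersion:   tls.VersionTLS10,
+		Certificates: certs,
 	}
 
 	if !secure {
@@ -94,7 +91,7 @@ func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate,
 func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
 	var (
 		pool  *x509.CertPool
-		certs []*tls.Certificate
+		certs []tls.Certificate
 	)
 
 	if secure && req.URL.Scheme == "https" {
@@ -137,7 +134,7 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
 				if err != nil {
 					return nil, nil, err
 				}
-				certs = append(certs, &cert)
+				certs = append(certs, cert)
 			}
 			if strings.HasSuffix(f.Name(), ".key") {
 				keyName := f.Name()
@@ -159,19 +156,9 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
 		return res, client, nil
 	}
 
-	for i, cert := range certs {
-		client := newClient(jar, pool, cert, timeout, secure)
-		res, err := client.Do(req)
-		// If this is the last cert, otherwise, continue to next cert if 403 or 5xx
-		if i == len(certs)-1 || err == nil &&
-			res.StatusCode != 403 &&
-			res.StatusCode != 404 &&
-			res.StatusCode < 500 {
-			return res, client, err
-		}
-	}
-
-	return nil, nil, nil
+	client := newClient(jar, pool, certs, timeout, secure)
+	res, err := client.Do(req)
+	return res, client, err
 }
 
 func validateRepositoryName(repositoryName string) error {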
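Review bot: Which client certificate the registry sees is now decided entirely inside the TLS handshake, and nothing at the new `client := newClient(jar, pool, certs, timeout, secure)` call in the last hunk records that. crypto/tls picks the first entry of `Certificates` whose chain matches the CA names in the server's CertificateRequest and, as far as I know, simply takes the first entry when the server names none. A registry that sends no CA hints would therefore always get the first key pair loaded, where the removed loop would have moved on to the next certificate after a 403, 404 or 5xx. I would document this above the call, e.g. `// All client certs are offered at once; crypto/tls chooses by the server's CertificateRequest CA list, so load order decides when no CAs are advertised.` The start of doRequest, including how `certs` is ordered when it is filled, lies outside the visible hunks.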