We use cookies to ensure you get the best experience on our website
Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
0ct0pu5
/
moby
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Forráskód Böngészése

registry: don't iterate through certs

the golang tls.Conn does a fine job of that.
http://golang.org/src/pkg/crypto/tls/handshake_client.go?#L334

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Vincent Batts 10 éve
szülő
14e65b4f81
commit
a368e064a9
1 módosított fájl, 8 hozzáadás és 21 törlés
Osztott Nézet Diff Statisztika Mutatása
  1. 8 21
      registry/registry.go

+ 8 - 21
registry/registry.go
Fájl Megtekintése 

@@ -36,15 +36,12 @@ const (
 
 	ConnectTimeout
 
 )
 
 
-func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
 
+func newClient(jar http.CookieJar, roots *x509.CertPool, certs []tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
 
 	tlsConfig := tls.Config{
 
 		RootCAs: roots,
 
 		// Avoid fallback to SSL protocols < TLS1.0
 
-		MinVersion: tls.VersionTLS10,
 
-	}
 
-
 
-	if cert != nil {
 
-		tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
 
+		MinVersion:   tls.VersionTLS10,
 
+		Certificates: certs,
 
 	}
 
 
 	if !secure {
 
@@ -94,7 +91,7 @@ func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate,
 
 func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secure bool) (*http.Response, *http.Client, error) {
 
 	var (
 
 		pool  *x509.CertPool
 
-		certs []*tls.Certificate
 
+		certs []tls.Certificate
 
 	)
 
 
 	if secure && req.URL.Scheme == "https" {
 
@@ -137,7 +134,7 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
 
 				if err != nil {
 
 					return nil, nil, err
 
 				}
 
-				certs = append(certs, &cert)
 
+				certs = append(certs, cert)
 
 			}
 
 			if strings.HasSuffix(f.Name(), ".key") {
 
 				keyName := f.Name()
 
@@ -159,19 +156,9 @@ func doRequest(req *http.Request, jar http.CookieJar, timeout TimeoutType, secur
 
 		return res, client, nil
 
 	}
 
 
-	for i, cert := range certs {
 
-		client := newClient(jar, pool, cert, timeout, secure)
 
-		res, err := client.Do(req)
 
-		// If this is the last cert, otherwise, continue to next cert if 403 or 5xx
 
-		if i == len(certs)-1 || err == nil &&
 
-			res.StatusCode != 403 &&
 
-			res.StatusCode != 404 &&
 
-			res.StatusCode < 500 {
 
-			return res, client, err
 
-		}
 
-	}
 
-
 
-	return nil, nil, nil
 
+	client := newClient(jar, pool, certs, timeout, secure)
 
+	res, err := client.Do(req)
 
+	return res, client, err
 
 }
 
 
 func validateRepositoryName(repositoryName string) error {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5