Remove pkg/tlsconfig dependency

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

libnetwork/Godeps/Godeps.json

@@ -1,6 +1,7 @@
 {
 	"ImportPath": "github.com/docker/libnetwork",
 	"GoVersion": "go1.5",
+	"GodepVersion": "v74",
 	"Packages": [
 		"./..."
 	],
@@ -175,11 +176,6 @@
 			"Comment": "v1.4.1-12227-g86a7632",
 			"Rev": "86a7632d63bdddb95aaf1472648056a4fb737d38"
 		},
-		{
-			"ImportPath": "github.com/docker/docker/pkg/tlsconfig",
-			"Comment": "v1.4.1-12227-g86a7632",
-			"Rev": "86a7632d63bdddb95aaf1472648056a4fb737d38"
-		},
 		{
 			"ImportPath": "github.com/docker/engine-api/types/network",
 			"Comment": "v0.3.1-210-g25941ec",

libnetwork/Godeps/_workspace/src/github.com/docker/docker/pkg/tlsconfig/config.go

@@ -1,133 +0,0 @@
-// Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.
-//
-// As a reminder from https://golang.org/pkg/crypto/tls/#Config:
-//	A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
-//	A Config may be reused; the tls package will also not modify it.
-package tlsconfig
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io/ioutil"
-	"os"
-
-	"github.com/Sirupsen/logrus"
-)
-
-// Options represents the information needed to create client and server TLS configurations.
-type Options struct {
-	CAFile string
-
-	// If either CertFile or KeyFile is empty, Client() will not load them
-	// preventing the client from authenticating to the server.
-	// However, Server() requires them and will error out if they are empty.
-	CertFile string
-	KeyFile  string
-
-	// client-only option
-	InsecureSkipVerify bool
-	// server-only option
-	ClientAuth tls.ClientAuthType
-}
-
-// Extra (server-side) accepted CBC cipher suites - will phase out in the future
-var acceptedCBCCiphers = []uint16{
-	tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-}
-
-// Client TLS cipher suites (dropping CBC ciphers for client preferred suite set)
-var clientCipherSuites = []uint16{
-	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-}
-
-// DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls
-// options struct but wants to use a commonly accepted set of TLS cipher suites, with
-// known weak algorithms removed.
-var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
-
-// ServerDefault is a secure-enough TLS configuration for the server TLS configuration.
-var ServerDefault = tls.Config{
-	// Avoid fallback to SSL protocols < TLS1.0
-	MinVersion:               tls.VersionTLS10,
-	PreferServerCipherSuites: true,
-	CipherSuites:             DefaultServerAcceptedCiphers,
-}
-
-// ClientDefault is a secure-enough TLS configuration for the client TLS configuration.
-var ClientDefault = tls.Config{
-	// Prefer TLS1.2 as the client minimum
-	MinVersion:   tls.VersionTLS12,
-	CipherSuites: clientCipherSuites,
-}
-
-// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
-func certPool(caFile string) (*x509.CertPool, error) {
-	// If we should verify the server, we need to load a trusted ca
-	certPool := x509.NewCertPool()
-	pem, err := ioutil.ReadFile(caFile)
-	if err != nil {
-		return nil, fmt.Errorf("Could not read CA certificate %q: %v", caFile, err)
-	}
-	if !certPool.AppendCertsFromPEM(pem) {
-		return nil, fmt.Errorf("failed to append certificates from PEM file: %q", caFile)
-	}
-	s := certPool.Subjects()
-	subjects := make([]string, len(s))
-	for i, subject := range s {
-		subjects[i] = string(subject)
-	}
-	logrus.Debugf("Trusting certs with subjects: %v", subjects)
-	return certPool, nil
-}
-
-// Client returns a TLS configuration meant to be used by a client.
-func Client(options Options) (*tls.Config, error) {
-	tlsConfig := ClientDefault
-	tlsConfig.InsecureSkipVerify = options.InsecureSkipVerify
-	if !options.InsecureSkipVerify {
-		CAs, err := certPool(options.CAFile)
-		if err != nil {
-			return nil, err
-		}
-		tlsConfig.RootCAs = CAs
-	}
-
-	if options.CertFile != "" && options.KeyFile != "" {
-		tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
-		if err != nil {
-			return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
-		}
-		tlsConfig.Certificates = []tls.Certificate{tlsCert}
-	}
-
-	return &tlsConfig, nil
-}
-
-// Server returns a TLS configuration meant to be used by a server.
-func Server(options Options) (*tls.Config, error) {
-	tlsConfig := ServerDefault
-	tlsConfig.ClientAuth = options.ClientAuth
-	tlsCert, err := tls.LoadX509KeyPair(options.CertFile, options.KeyFile)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil, fmt.Errorf("Could not load X509 key pair (cert: %q, key: %q): %v", options.CertFile, options.KeyFile, err)
-		}
-		return nil, fmt.Errorf("Error reading X509 key pair (cert: %q, key: %q): %v. Make sure the key is not encrypted.", options.CertFile, options.KeyFile, err)
-	}
-	tlsConfig.Certificates = []tls.Certificate{tlsCert}
-	if options.ClientAuth >= tls.VerifyClientCertIfGiven {
-		CAs, err := certPool(options.CAFile)
-		if err != nil {
-			return nil, err
-		}
-		tlsConfig.ClientCAs = CAs
-	}
-	return &tlsConfig, nil
-}

libnetwork/config/config.go

@@ -6,7 +6,7 @@ import (
 	"github.com/BurntSushi/toml"
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/discovery"
-	"github.com/docker/docker/pkg/tlsconfig"
+	"github.com/docker/go-connections/tlsconfig"
 	"github.com/docker/libkv/store"
 	"github.com/docker/libnetwork/cluster"
 	"github.com/docker/libnetwork/datastore"