diff --git a/registry/search_endpoint_v1.go b/registry/search_endpoint_v1.go index de396ddf8f..015f8eb0c6 100644 --- a/registry/search_endpoint_v1.go +++ b/registry/search_endpoint_v1.go @@ -48,37 +48,24 @@ func newV1Endpoint(index *registry.IndexInfo, headers http.Header) (*v1Endpoint, return endpoint, nil } - err = validateEndpoint(endpoint) - if err != nil { - return nil, err - } - - return endpoint, nil -} - -func validateEndpoint(endpoint *v1Endpoint) error { // Try HTTPS ping to registry endpoint.URL.Scheme = "https" if _, err := endpoint.ping(); err != nil { if endpoint.IsSecure { // If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry` - // in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP. - return invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) + // in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fall back to HTTP. + return nil, invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) } - // If registry is insecure and HTTPS failed, fallback to HTTP. + // registry is insecure and HTTPS failed, fallback to HTTP. log.G(context.TODO()).WithError(err).Debugf("error from registry %q marked as insecure - insecurely falling back to HTTP", endpoint) endpoint.URL.Scheme = "http" - - var err2 error - if _, err2 = endpoint.ping(); err2 == nil { - return nil + if _, err2 := endpoint.ping(); err2 != nil { + return nil, invalidParamf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2) } - - return invalidParamf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2) } - return nil + return endpoint, nil } // trimV1Address trims the "v1" version suffix off the address and returns diff --git a/registry/search_endpoint_v1_test.go b/registry/search_endpoint_v1_test.go index 81d4f0b5a4..a03aabef71 100644 --- a/registry/search_endpoint_v1_test.go +++ b/registry/search_endpoint_v1_test.go @@ -3,7 +3,6 @@ package registry // import "github.com/docker/docker/registry" import ( "net/http" "net/http/httptest" - "net/url" "os" "strings" "testing" @@ -168,20 +167,11 @@ func TestV1EndpointValidate(t *testing.T) { testServer := httptest.NewServer(requireBasicAuthHandler) defer testServer.Close() - testServerURL, err := url.Parse(testServer.URL) + testEndpoint, err := newV1Endpoint(®istry.IndexInfo{Name: testServer.URL}, nil) if err != nil { t.Fatal(err) } - testEndpoint := v1Endpoint{ - URL: testServerURL, - client: httpClient(newTransport(nil)), - } - - if err = validateEndpoint(&testEndpoint); err != nil { - t.Fatal(err) - } - if testEndpoint.URL.Scheme != "http" { t.Fatalf("expecting to validate endpoint as http, got url %s", testEndpoint.String()) }