Use either the system root pool or an empty cert pool with custom CA roots,
and not a joint system+custom CA roots pool, when connecting from a docker client to a remote daemon Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li
parent
3c05ff4aef
commit
60d17202f0
1 changed files with 3 additions and 2 deletions
|
|
@ -250,8 +250,9 @@ func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, er
|
|||
// let the api client configure the default transport.
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
config, err := tlsconfig.Client(*tlsOptions)
|
||||
opts := *tlsOptions
|
||||
opts.ExclusiveRootPools = true
|
||||
config, err := tlsconfig.Client(opts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue