Merge pull request #19319 from calavera/fix_tls_config_for_response_hijacking
Fix response hijacking with TLS enabled.
commit
742a7d53f2
4 changed files with 29 additions and 7 deletions
|
@ -22,7 +22,7 @@ clone git github.com/vdemeester/shakers 3c10293ce22b900c27acad7b28656196fcc2f73b
|
|||
clone git golang.org/x/net 47990a1ba55743e6ef1affd3a14e5bac8553615d https://github.com/golang/net.git
|
||||
clone git github.com/docker/go-units 651fc226e7441360384da338d0fd37f2440ffbe3
|
||||
clone git github.com/docker/go-connections v0.1.2
|
||||
clone git github.com/docker/engine-api v0.2.1
|
||||
clone git github.com/docker/engine-api v0.2.2
|
||||
clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de
|
||||
|
||||
#get libnetwork packages
|
||||
|
|
|
@ -1439,6 +1439,29 @@ func (s *DockerDaemonSuite) TestHttpsInfo(c *check.C) {
|
|||
}
|
||||
}
|
||||
|
||||
// TestHttpsRun connects via two-way authenticated HTTPS to the create, attach, start, and wait endpoints.
|
||||
// https://github.com/docker/docker/issues/19280
|
||||
func (s *DockerDaemonSuite) TestHttpsRun(c *check.C) {
|
||||
const (
|
||||
testDaemonHTTPSAddr = "tcp://localhost:4271"
|
||||
)
|
||||
|
||||
if err := s.d.StartWithBusybox("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem",
|
||||
"--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil {
|
||||
c.Fatalf("Could not start daemon with busybox: %v", err)
|
||||
}
|
||||
|
||||
daemonArgs := []string{"--host", testDaemonHTTPSAddr, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"}
|
||||
out, err := s.d.CmdWithArgs(daemonArgs, "run", "busybox", "echo", "TLS response")
|
||||
if err != nil {
|
||||
c.Fatalf("Error Occurred: %s and output: %s", err, out)
|
||||
}
|
||||
|
||||
if !strings.Contains(out, "TLS response") {
|
||||
c.Fatalf("expected output to include `TLS response`, got %v", out)
|
||||
}
|
||||
}
|
||||
|
||||
// TestTlsVerify verifies that --tlsverify=false turns on tls
|
||||
func (s *DockerDaemonSuite) TestTlsVerify(c *check.C) {
|
||||
out, err := exec.Command(dockerBinary, "daemon", "--tlsverify=false").CombinedOutput()
|
||||
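Review bot: `TestHttpsRun` asserts only the success path, so it shows that the hijacked attach stream of `docker run` works with a valid client certificate, but not that the same path still refuses a client without one; whether a sibling test covers that rejection is not visible in this section. The listen address `tcp://localhost:4271` is a fixed port, which may collide with other daemon tests if they bind the same port concurrently. The failure message would be easier to triage as `c.Fatalf("docker run over TLS failed: %v, output: %s", err, out)`. The trailing context lines belong to `TestTlsVerify`, whose body continues outside the hunk.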
|
|
|
@ -65,7 +65,6 @@ func NewEnvClient() (*Client, error) {
|
|||
func NewClient(host string, version string, transport *http.Transport, httpHeaders map[string]string) (*Client, error) {
|
||||
var (
|
||||
basePath string
|
||||
tlsConfig *tls.Config
|
||||
scheme = "http"
|
||||
protoAddrParts = strings.SplitN(host, "://", 2)
|
||||
proto, addr = protoAddrParts[0], protoAddrParts[1]
|
||||
|
@ -90,7 +89,7 @@ func NewClient(host string, version string, transport *http.Transport, httpHeade
|
|||
addr: addr,
|
||||
basePath: basePath,
|
||||
scheme: scheme,
|
||||
tlsConfig: tlsConfig,
|
||||
tlsConfig: transport.TLSClientConfig,
|
||||
httpClient: &http.Client{Transport: transport},
|
||||
version: version,
|
||||
customHTTPHeaders: httpHeaders,
|
||||
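Review bot: `tlsConfig: transport.TLSClientConfig` in the second hunk dereferences `transport`, and nothing visible in either hunk guarantees it is non-nil when the struct literal is built; the lines between the two hunks are not shown, so confirm that a nil `transport` argument is replaced before this point. The Client now also holds the same `*tls.Config` pointer as the HTTP transport, so any later mutation of one affects the hijacked-connection dial path as well. A comment on the field such as `// tlsConfig mirrors the transport's TLS settings so hijacked connections use the same certificates and verification` would record why the two must stay in sync. `NewClient` starts before the first hunk's changed line and ends after the second hunk.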
|
|
|
@ -10,12 +10,12 @@ import (
|
|||
"strings"
|
||||
)
|
||||
|
||||
// Args stores filter arguments as map key:{array of values}.
|
||||
// It contains a aggregation of the list of arguments (which are in the form
|
||||
// Args stores filter arguments as map key:{map key: bool}.
|
||||
// It contains a aggregation of the map of arguments (which are in the form
|
||||
// of -f 'key=value') based on the key, and store values for the same key
|
||||
// in an slice.
|
||||
// in an map with string keys and boolean values.
|
||||
// e.g given -f 'label=label1=1' -f 'label=label2=2' -f 'image.name=ubuntu'
|
||||
// the args will be {'label': {'label1=1','label2=2'}, 'image.name', {'ubuntu'}}
|
||||
// the args will be {"image.name":{"ubuntu":true},"label":{"label1=1":true,"label2=2":true}}
|
||||
type Args struct {
|
||||
fields map[string]map[string]bool
|
||||
}
|
||||
|
|