Use either the system root pool or an empty cert pool with custom CA roots,

and not a joint system+custom CA roots pool, when connecting from a docker
client to a remote daemon.

Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li 2017-03-09 10:45:15 -08:00
parent 868f90a0db
commit bf7766bfe8


@ -243,8 +243,9 @@ func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, er
// let the api client configure the default transport.
return nil, nil
}
config, err := tlsconfig.Client(*tlsOptions)
opts := *tlsOptions
opts.ExclusiveRootPools = true
config, err := tlsconfig.Client(opts)
if err != nil {
return nil, err
}
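Review bot: The forced `opts.ExclusiveRootPools = true` in newHTTPClient has no comment saying why, and the reason is security-relevant. Per the commit message, a client configured with custom CA roots should verify the remote daemon against those roots only, not against a combined system+custom pool. I would add above the copy: `// Copy so the caller's options are not mutated; with a custom CA, trust only those roots (never system+custom).` A regression test would also help, asserting that a daemon certificate chaining only to a system root is rejected when a custom CA is configured; none is visible in this hunk. newHTTPClient's body starts and ends outside the hunk.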