toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d96c69364440e66ea1b8cd1383f7dd3f38391aa6
docker-cli/components/engine/client/transport.go
Stephen J Day d96c693644 client: pedantic checking of tlsconfig 
Under the convoluted code path for the transport configuration,
TLSConfig was being set even though the socket type is unix. This caused
other code detecting the TLSConfig to assume https, rather than using
the http scheme. This led to a situation where if `DOCKER_CERT_PATH` is
set, unix sockets start reverting to https. There is other odd behavior
from go-connections that is also reproduced here.

For the most part, we try to reproduce the side-effecting behavior from
go-connections to retain the current docker behavior. This whole mess
needs to ripped out and fixed, as this pile spaghetti is unnacceptable.

This code is way to convoluted for an http client. We'll need to fix
this but the Go API will break to do it.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: dc9f5c2ca3cdf8fef5786a80a0a1b0e7c18d4420
Component: engine
2016-09-27 16:27:48 -07:00

46 lines
1.3 KiB
Go
Raw Blame History

package client
import (
"crypto/tls"
"errors"
"net/http"
)
var errTLSConfigUnavailable = errors.New("TLSConfig unavailable")
// transportFunc allows us to inject a mock transport for testing. We define it
// here so we can detect the tlsconfig and return nil for only this type.
type transportFunc func(*http.Request) (*http.Response, error)
func (tf transportFunc) RoundTrip(req *http.Request) (*http.Response, error) {
return tf(req)
}
// resolveTLSConfig attempts to resolve the tls configuration from the
// RoundTripper.
func resolveTLSConfig(transport http.RoundTripper) *tls.Config {
switch tr := transport.(type) {
case *http.Transport:
return tr.TLSClientConfig
default:
return nil
}
}
// resolveScheme detects a tls config on the transport and returns the
// appropriate http scheme.
//
// TODO(stevvooe): This isn't really the right way to write clients in Go.
// `NewClient` should probably only take an `*http.Client` and work from there.
// Unfortunately, the model of having a host-ish/url-thingy as the connection
// string has us confusing protocol and transport layers. We continue doing
// this to avoid breaking existing clients but this should be addressed.
func resolveScheme(transport http.RoundTripper) string {
c := resolveTLSConfig(transport)
if c != nil {
return "https"
}
return "http"
}
Reference in New Issue View Git Blame Copy Permalink