github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Skip TLS verification for localhost

Browse Source 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
This commit is contained in:
Aditi Sharma 2021-03-01 18:12:19 +05:30
parent 10bbd1a462
commit 8014d9fee0
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/cri/server/image_pull.go
View File

@ -337,6 +337,9 @@ func (c *criService) registryHosts(auth *runtime.AuthConfig) docker.RegistryHost
if err != nil {
return nil, errors.Wrapf(err, "get TLSConfig for registry %q", e)
}
} else if isLocalHost(host) && u.Scheme == "http" {
// Skipping TLS verification for localhost
transport.TLSClientConfig.InsecureSkipVerify = true
}
if auth == nil && config.Auth != nil {
@ -366,15 +369,26 @@ func (c *criService) registryHosts(auth *runtime.AuthConfig) docker.RegistryHost
// defaultScheme returns the default scheme for a registry host.
func defaultScheme(host string) string {
if h, _, err := net.SplitHostPort(host); err == nil {
host = h
}
if host == "localhost" || host == "127.0.0.1" || host == "::1" {
if isLocalHost(host) {
return "http"
}
return "https"
}
// isLocalHost checks if the registry host is local.
func isLocalHost(host string) bool {
if h, _, err := net.SplitHostPort(host); err == nil {
host = h
}
if host == "localhost" {
return true
}
ip := net.ParseIP(host)
return ip.IsLoopback()
}
// addDefaultScheme returns the endpoint with default scheme
func addDefaultScheme(endpoint string) (string, error) {
if strings.Contains(endpoint, "://") {