github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #7393 from Iceber/skip_verify

Browse Source 
remotes/docker/config: Skipping TLS verification for localhost
This commit is contained in:
Phil Estes
2022-09-19 10:53:56 -04:00
committed by GitHub
parent 290ef2b43f 3cfde732e1
commit a1e4a94694
3 changed files with 28 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/cri/server/image_pull.go
View File

@@ -400,7 +400,7 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
if err != nil {
return nil, fmt.Errorf("get TLSConfig for registry %q: %w", e, err)
}
} else if isLocalHost(host) && u.Scheme == "http" {
} else if docker.IsLocalhost(host) && u.Scheme == "http" {
// Skipping TLS verification for localhost
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
@@ -445,26 +445,12 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
// defaultScheme returns the default scheme for a registry host.
func defaultScheme(host string) string {
if isLocalHost(host) {
if docker.IsLocalhost(host) {
return "http"
}
return "https"
}
// isLocalHost checks if the registry host is local.
func isLocalHost(host string) bool {
if h, _, err := net.SplitHostPort(host); err == nil {
host = h
}
if host == "localhost" {
return true
}
ip := net.ParseIP(host)
return ip.IsLoopback()
}
// addDefaultScheme returns the endpoint with default scheme
func addDefaultScheme(endpoint string) (string, error) {
if strings.Contains(endpoint, "://") {