Use InsecureSkipVerify only with https upstreams
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
parent
e0a1a82890
commit
b9250a783a
2 changed files with 24 additions and 2 deletions
|
@ -143,13 +143,17 @@ func TestSyncInternal(t *testing.T) {
|
|||
|
||||
var tlsVerify bool
|
||||
updateDuration := time.Microsecond
|
||||
port := GetFreePort()
|
||||
baseURL := GetBaseURL(port)
|
||||
baseSecureURL := GetSecureBaseURL(port)
|
||||
|
||||
syncRegistryConfig := RegistryConfig{
|
||||
Content: []Content{
|
||||
{
|
||||
Prefix: testImage,
|
||||
},
|
||||
},
|
||||
URL: BaseURL,
|
||||
URL: baseURL,
|
||||
PollInterval: updateDuration,
|
||||
TLSVerify: &tlsVerify,
|
||||
CertDir: badCertsDir,
|
||||
|
@ -158,6 +162,17 @@ func TestSyncInternal(t *testing.T) {
|
|||
_, err = getHTTPClient(&syncRegistryConfig, Credentials{}, log.NewLogger("debug", ""))
|
||||
So(err, ShouldNotBeNil)
|
||||
syncRegistryConfig.CertDir = "/path/to/invalid/cert"
|
||||
|
||||
_, err = getHTTPClient(&syncRegistryConfig, Credentials{}, log.NewLogger("debug", ""))
|
||||
So(err, ShouldNotBeNil)
|
||||
|
||||
syncRegistryConfig.CertDir = ""
|
||||
syncRegistryConfig.URL = baseSecureURL
|
||||
|
||||
_, err = getHTTPClient(&syncRegistryConfig, Credentials{}, log.NewLogger("debug", ""))
|
||||
So(err, ShouldBeNil)
|
||||
|
||||
syncRegistryConfig.URL = BaseURL
|
||||
_, err = getHTTPClient(&syncRegistryConfig, Credentials{}, log.NewLogger("debug", ""))
|
||||
So(err, ShouldNotBeNil)
|
||||
})
|
||||
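Review bot: The cases added in the second hunk of `TestSyncInternal` only check whether `getHTTPClient` returns an error, so nothing pins the behaviour this commit introduces, namely that `InsecureSkipVerify` is set for the `baseSecureURL` client and left unset for an `http` upstream. The client returned by the `baseSecureURL` call is discarded with `_`; keeping it and asserting on its transport's TLS config, plus an `http` case with `CertDir` empty and `TLSVerify` false that asserts the flag stays off, would make a regression in the scheme check visible. The last case relies on `BaseURL` being rejected by `url.Parse`, which is not evident from these lines; a comment such as `// BaseURL has no scheme, so url.Parse is expected to reject it` would help if that is the intent. The body of `TestSyncInternal` starts and ends outside these hunks.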
|
|
|
@ -104,6 +104,13 @@ func getFileCredentials(filepath string) (CredentialsFile, error) {
|
|||
func getHTTPClient(regCfg *RegistryConfig, credentials Credentials, log log.Logger) (*resty.Client, error) {
|
||||
client := resty.New()
|
||||
|
||||
registryURL, err := url.Parse(regCfg.URL)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Str("url", regCfg.URL).Msg("couldn't parse url")
|
||||
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if regCfg.CertDir != "" {
|
||||
log.Debug().Msgf("sync: using certs directory: %s", regCfg.CertDir)
|
||||
clientCert := path.Join(regCfg.CertDir, "client.cert")
|
||||
|
@ -133,7 +140,7 @@ func getHTTPClient(regCfg *RegistryConfig, credentials Credentials, log log.Logg
|
|||
}
|
||||
|
||||
// nolint: gosec
|
||||
if regCfg.TLSVerify != nil && !*regCfg.TLSVerify {
|
||||
if regCfg.TLSVerify != nil && !*regCfg.TLSVerify && registryURL.Scheme == "https" {
|
||||
client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
|
||||
}
|
||||
|
||||
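Review bot: The `InsecureSkipVerify` branch at the end of `getHTTPClient` turns certificate verification off without leaving any trace in the logs, and the `// nolint: gosec` above it gives no reason for the suppression. A warning inside the branch, for example `log.Warn().Str("url", regCfg.URL).Msg("sync: TLS certificate verification disabled for upstream")`, would let operators see which upstreams are contacted unverified, and the directive could state why the finding is accepted. The fresh `&tls.Config{InsecureSkipVerify: true}` also carries no `MinVersion`, and if the `CertDir` branch (mostly outside these hunks) configured TLS earlier, this call presumably replaces that configuration; setting the flag on the existing config would avoid losing it. In the first hunk any scheme that `url.Parse` accepts is let through, so a URL that is neither `http` nor `https` passes silently with `TLSVerify` ignored; rejecting other schemes right after the parse would surface that misconfiguration.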
|
|