From fc389b7bc3ba220df11e278bf356268acba8077a Mon Sep 17 00:00:00 2001
From: Ying Li
Date: Mon, 19 Oct 2015 13:11:58 -0700
Subject: [PATCH] Use tls client config utility in notary as well.

Signed-off-by: Ying Li
---
 cmd/notary/tuf.go | 21 ++++++--------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/cmd/notary/tuf.go b/cmd/notary/tuf.go
index 40f5191ca5..7df093f585 100644
--- a/cmd/notary/tuf.go
+++ b/cmd/notary/tuf.go
@@ -3,8 +3,6 @@ package main
 import (
 "bufio"
 "crypto/sha256"
- "crypto/tls"
- "crypto/x509"
 "fmt"
 "io/ioutil"
 "net"
@@ -22,7 +20,7 @@ import (
 "github.com/docker/distribution/registry/client/transport"
 "github.com/docker/docker/pkg/term"
 notaryclient "github.com/docker/notary/client"
- "github.com/docker/notary/trustmanager"
+ "github.com/docker/notary/utils"
 "github.com/spf13/cobra"
 )
@@ -360,7 +358,6 @@ func (ps passwordStore) Basic(u *url.URL) (string, string) {
 func getTransport(gun string, readOnly bool) http.RoundTripper {
 // Attempt to get a root CA from the config file. Nil is the host defaults.
- rootPool := x509.NewCertPool()
 rootCAFile := mainViper.GetString("remote_server.root_ca")
 if rootCAFile != "" {
 // If we haven't been given an Absolute path, we assume it's relative
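Review bot: Dropping `crypto/tls` in this first hunk also removes the only explicit TLS floor this file had: the `MinVersion: tls.VersionTLS10` line deleted in the @@ -368 hunk is replaced by `utils.ConfigureClientTLS(rootCAFile, "", ..., "", "")`, and nothing in this patch shows whether that helper sets a minimum version on the config it returns. If it does not, the client silently inherits whatever default the toolchain's tls package applies, so the helper's MinVersion handling should be confirmed, or the floor re-applied on `tlsConfig` after the call (which would mean keeping this import). The three bare `""` arguments in that call are opaque at the call site; a short comment naming what each empty positional argument stands for, taken from the helper's signature, would help the next reader. That same hunk also switches from the file's `fatalf` helper to `logrus.Fatal`, so getTransport now mixes two fatal-error styles; one should be used consistently. getTransport's body continues past the end of the @@ -368 hunk, which is itself cut off at the end of this excerpt.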
@@ -368,19 +365,13 @@ func getTransport(gun string, readOnly bool) http.RoundTripper {
 if !filepath.IsAbs(rootCAFile) {
 rootCAFile = filepath.Join(configPath, rootCAFile)
 }
- rootCert, err := trustmanager.LoadCertFromFile(rootCAFile)
- if err != nil {
- fatalf("could not load root ca file. %s", err.Error())
- }
- rootPool.AddCert(rootCert)
 }
- // skipTLSVerify is false by default so verification will
- // be performed.
- tlsConfig := &tls.Config{
- InsecureSkipVerify: mainViper.GetBool("remote_server.skipTLSVerify"),
- MinVersion: tls.VersionTLS10,
- RootCAs: rootPool,
+ tlsConfig, err := utils.ConfigureClientTLS(
+ rootCAFile, "", mainViper.GetBool("remote_server.skipTLSVerify"),
+ "", "")
+ if err != nil {
+ logrus.Fatal("Unable to configure TLS: ", err.Error())
 }
 base := &http.Transport{