Browse Source

Merge pull request #1967 from 2opremio/fix-insure-hosts-with-ports

Fix insecure-host-checking for repos with an explicit port
Alfonso Acosta 7 months ago
parent
commit
49d627926f
No account linked to committer's email address
1 changed files with 14 additions and 3 deletions
  1. 14
    3
      registry/client_factory.go

+ 14
- 3
registry/client_factory.go View File

@@ -3,6 +3,7 @@ package registry
3 3
 import (
4 4
 	"context"
5 5
 	"crypto/tls"
6
+	"net"
6 7
 	"net/http"
7 8
 	"net/url"
8 9
 	"sync"
@@ -92,11 +93,21 @@ attemptChallenge:
92 93
 }
93 94
 
94 95
 func (f *RemoteClientFactory) ClientFor(repo image.CanonicalName, creds Credentials) (Client, error) {
96
+	repoHosts := []string{repo.Domain}
97
+	// allow the insecure hosts list to contain hosts with or without the port
98
+	repoHostWithoutPort, _, err := net.SplitHostPort(repo.Domain)
99
+	if err == nil {
100
+		// parsing fails if no port is present
101
+		repoHosts = append(repoHosts, repoHostWithoutPort)
102
+	}
95 103
 	insecure := false
104
+insecureCheckLoop:
96 105
 	for _, h := range f.InsecureHosts {
97
-		if repo.Domain == h {
98
-			insecure = true
99
-			break
106
+		for _, repoHost := range repoHosts {
107
+			if h == repoHost {
108
+				insecure = true
109
+				break insecureCheckLoop
110
+			}
100 111
 		}
101 112
 	}
102 113
 

Loading…
Cancel
Save