Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use either the system root pool or an empty cert pool with custom CA roots, 

and not a joint system+custom CA roots pool, when connecting from a docker
client to a remote daemon.

Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li 2017-03-09 10:45:15 -08:00
parent 50a10e9bf4
commit 63bb7d89ad
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
command/cli.go
View File

@ -243,8 +243,9 @@ func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, er
// let the api client configure the default transport. // let the api client configure the default transport.
return nil, nil return nil, nil
} }
opts := *tlsOptions
config, err := tlsconfig.Client(*tlsOptions) opts.ExclusiveRootPools = true
config, err := tlsconfig.Client(opts)
if err != nil { if err != nil {
return nil, err return nil, err
} }