
Investigate 1954 certificate always regenerated #2006

Merged
merged 1 commit into from
Oct 22, 2015
2 changes: 1 addition & 1 deletion commands/config.go
Expand Up @@ -82,7 +82,7 @@ func checkCert(hostUrl string, authOptions *auth.AuthOptions, c *cli.Context) er
authOptions.ServerKeyPath,
)
if err != nil {
return fmt.Errorf("Error attempting to validate the certficate: %s", err)
return fmt.Errorf("Error attempting to validate the certificates: %s", err)
}

if !valid {
15 changes: 14 additions & 1 deletion libmachine/cert/cert.go
Expand Up @@ -13,6 +13,10 @@ import (
"net"
"os"
"time"

"errors"

"github.com/docker/machine/libmachine/log"
)

type ErrValidatingCert struct {
Expand All @@ -29,7 +33,11 @@ func getTLSConfig(caCert, cert, key []byte, allowInsecure bool) (*tls.Config, er
tlsConfig.InsecureSkipVerify = allowInsecure
certPool := x509.NewCertPool()

certPool.AppendCertsFromPEM(caCert)
ok := certPool.AppendCertsFromPEM(caCert)
if !ok {
return &tlsConfig, errors.New("There was an error reading certificate")
}

tlsConfig.RootCAs = certPool
keypair, err := tls.X509KeyPair(cert, key)
if err != nil {
Expand Down Expand Up @@ -174,17 +182,21 @@ func GenerateCert(hosts []string, certFile, keyFile, caFile, caKeyFile, org stri
return nil
}

// ValidateCertificate validate the certificate installed on the vm.
func ValidateCertificate(addr, caCertPath, serverCertPath, serverKeyPath string) (bool, error) {
log.Debugf("Reading CA certificate from %s", caCertPath)
caCert, err := ioutil.ReadFile(caCertPath)
if err != nil {
return false, ErrValidatingCert{err}
}

log.Debugf("Reading server certificate from %s", serverCertPath)
serverCert, err := ioutil.ReadFile(serverCertPath)
if err != nil {
return false, ErrValidatingCert{err}
}

log.Debugf("Reading server key from %s", serverKeyPath)
serverKey, err := ioutil.ReadFile(serverKeyPath)
if err != nil {
return false, ErrValidatingCert{err}
Expand All @@ -201,6 +213,7 @@ func ValidateCertificate(addr, caCertPath, serverCertPath, serverKeyPath string)

_, err = tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
if err != nil {
log.Debugf("Certificates are not valid: %s", err)
return false, nil
}

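Review bot: The debug line added after `tls.DialWithDialer` in ValidateCertificate labels every dial failure as "Certificates are not valid", but the error can just as well be a timeout or a refused connection, and the function still returns `false, nil` for all of them. If the caller regenerates certificates whenever it sees `false` (not visible here, but suggested by the PR title), an unreachable host is handled the same way as a real trust failure. A neutral message such as `log.Debugf("TLS dial to %s failed: %s", addr, err)` would be accurate. It would also help to return `false, nil` only for x509 verification errors and to return other failures as `ErrValidatingCert{err}`, so the caller can tell them apart. ValidateCertificate's body starts and ends outside this hunk.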
6 changes: 1 addition & 5 deletions libmachine/provision/utils.go
Expand Up @@ -179,11 +179,7 @@ func ConfigureAuth(p Provisioner) error {
return err
}

if err := waitForDocker(p, dockerPort); err != nil {
return err
}

return nil
return waitForDocker(p, dockerPort)
}

func matchNetstatOut(reDaemonListening, netstatOut string) bool {