Use exclusive root pools if a CA cert file is specified in the daemon #33182

Merged
merged 1 commit into from May 14, 2017

@cyli
Contributor

commented May 12, 2017

Fixes #33173.

#31705 added ExclusiveRootPools: true when setting up the docker client configuration, but this should also be applied to the daemon.

If a file containing CAs for validating clients is provided, only the certs used in that file should be used to validate client connections, and not both the certs in that file and the system root certs.

If the union of the system certs and the provided CA certs is desired, the additional CA certs should be added to the system pool, or the system certs added to the provided CA file.

cc @dmcgowan @thaJeztah

Also cc @diogomonica for visibility
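Added example (not code from this pull request or from the project): a Go sketch of the difference the description above draws between verifying client certificates against only the provided CA file and against that file plus the system roots. The CAs are constructed in memory, the "public CA" stands in for a system root so the result does not depend on the host trust store, and the names `issue`, `accepts` and `demo` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a certificate signed by parent, or a self-signed CA when parent is nil.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // self-signed CA
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// accepts verifies a client cert against the CA file alone (exclusive) or the CA file plus system roots.
func accepts(leaf, caFile, system *x509.Certificate, exclusive bool) bool {
	pool := x509.NewCertPool()
	pool.AddCert(caFile)
	if !exclusive {
		pool.AddCert(system) // the union that the exclusive setting rules out
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// demo uses constructed CAs: ca is the operator's CA file, sys stands in for a system root (assumption).
func demo() (own, outsiderExclusive, outsiderUnion bool) {
	ca, caKey := issue("daemon CA", nil, nil)
	sys, sysKey := issue("public CA", nil, nil)
	client, _ := issue("authorized client", ca, caKey)
	outsider, _ := issue("outsider", sys, sysKey)
	return accepts(client, ca, sys, true), accepts(outsider, ca, sys, true), accepts(outsider, ca, sys, false)
}

func main() { fmt.Println(demo()) } // prints: true false true
```

With the union pool, a client certificate issued by any CA in the system store passes verification even though the operator never listed that CA in the file.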

@dmcgowan

Member

commented May 12, 2017

LGTM on green

Use exclusive root pools if a CA cert file is specified in the daemon
Signed-off-by: Ying Li <ying.li@docker.com>

@cyli cyli force-pushed the cyli:exclusive-root-pools-in-daemon branch from 2e4fdad to ddd5278 May 12, 2017

@cyli

Contributor Author

commented May 12, 2017

(sorry misspelled a word in a comment, fixed that :))

@diogomonica

Contributor

commented May 12, 2017

LGTM

@cpuguy83
Contributor

left a comment

LGTM

@cpuguy83 cpuguy83 added this to the 17.06.0 milestone May 13, 2017

@mlaventure mlaventure merged commit 190c6e8 into moby:master May 14, 2017

6 checks passed

dco-signed All commits are signed
experimental Jenkins build Docker-PRs-experimental 34073 has succeeded
janky Jenkins build Docker-PRs 42675 has succeeded
powerpc Jenkins build Docker-PRs-powerpc 3059 has succeeded
windowsRS1 Jenkins build Docker-PRs-WoW-RS1 13908 has succeeded
z Jenkins build Docker-PRs-s390x 2778 has succeeded

@cyli cyli deleted the cyli:exclusive-root-pools-in-daemon branch May 14, 2017

@cyli cyli referenced this pull request Jul 30, 2018

Merged

[17.03] Patch go connections #28

@abergmann

commented Sep 11, 2018

CVE-2018-12608 was assigned to this issue.
