Use exclusive root pools if a CA cert file is specified in the daemon #33182

Merged
merged 1 commit into from
May 14, 2017
@cyli (Contributor) commented May 12, 2017

Fixes #33173.

#31705 added ExclusiveRootPools: true when setting up the docker client configuration, but this should also be applied to the daemon.

If a file containing CAs for validating clients is provided, only the certs used in that file should be used to validate client connections, and not both the certs in that file and the system root certs.

If the union of the system certs and the provided CA certs is desired, the additional CA certs should be added to the system pool, or the system certs added to the provided CA file.

cc @dmcgowan @thaJeztah

Also cc @diogomonica for visibility

cute
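
The effect of the change described above, as an added example that is not code from this PR or from moby: it runs the chain check a TLS server applies to client certificates, first against a pool that unions the provided CA with other roots and then against the exclusive pool. All certificates are constructed in memory; the names `issue`, `accepts` and `demo`, and the CA standing in for a system root, are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a constructed, short-lived cert; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true, IsCA: parent == nil,
		SerialNumber: big.NewInt(time.Now().UnixNano()), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)))), key
}

// accepts mirrors the chain check crypto/tls runs on a client cert against ClientCAs.
func accepts(clientCAs *x509.CertPool, client *x509.Certificate) bool {
	_, err := client.Verify(x509.VerifyOptions{Roots: clientCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func demo() (unionOutsider, exclusiveOutsider, exclusiveInsider bool) {
	daemonCA, daemonKey := issue("CA in the daemon's CA file", nil, nil)
	sysCA, sysKey := issue("stand-in for a system root", nil, nil) // constructed, not a real root
	insider, _ := issue("client issued by daemon CA", daemonCA, daemonKey)
	outsider, _ := issue("client issued by system root", sysCA, sysKey)
	exclusive, union := x509.NewCertPool(), x509.NewCertPool()
	exclusive.AddCert(daemonCA) // exclusive pool: CA file only
	union.AddCert(daemonCA)
	union.AddCert(sysCA) // union pool: CA file plus system roots
	return accepts(union, outsider), accepts(exclusive, outsider), accepts(exclusive, insider)
}

func main() { fmt.Println(demo()) }
```

With the union pool, a client certificate chaining to any other trusted root passes the check; with the exclusive pool, only certificates issued under the provided CA do.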

@dmcgowan
Member

LGTM on green

@cyli
Contributor Author

cyli commented May 12, 2017

(sorry misspelled a word in a comment, fixed that :))

@diogomonica
Contributor

LGTM

Member

@cpuguy83 cpuguy83 left a comment

LGTM

@cpuguy83 cpuguy83 added this to the 17.06.0 milestone May 13, 2017
@cpuguy83 cpuguy83 added priority/P0 Urgent: Security, critical bugs, blocking issues. drop everything until this issue is addressed. status/2-code-review labels May 13, 2017
@mlaventure mlaventure merged commit 190c6e8 into moby:master May 14, 2017
@cyli cyli deleted the exclusive-root-pools-in-daemon branch May 14, 2017 21:24
@abergmann

CVE-2018-12608 was assigned to this issue.

Labels
priority/P0 Urgent: Security, critical bugs, blocking issues. drop everything until this issue is addressed. status/0-triage status/2-code-review