Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remotes: always try to establish tls connection when tls configured #9182

Merged
merged 1 commit into from Oct 3, 2023
Merged

remotes: always try to establish tls connection when tls configured #9182

merged 1 commit into from Oct 3, 2023

Conversation

dmcgowan
Copy link
Member

@dmcgowan dmcgowan commented Oct 2, 2023

When a endpoint is configured for http and has a tls configuration, always try to the tls connection and fallback to http when the tls connections fails from receiving an http response. This fixes an issue with default localhost endpoints which get defaulted to http with insecure tls also configured but are using tls.

Fixes #9157

@dmcgowan
Copy link
Member Author

dmcgowan commented Oct 2, 2023

@vvoland will this work for the Moby implementation as well?

@dmcgowan dmcgowan added cherry-pick/1.6.x Change to be cherry picked to release/1.6 branch cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch labels Oct 2, 2023
@dmcgowan
remotes: always try to establish tls connection when tls configured
79772a0 
When a endpoint is configured for http and has a tls configuration,
always try to the tls connection and fallback to http when the tls
connections fails from receiving an http response. This fixes an issue
with default localhost endpoints which get defaulted to http with
insecure tls also configured but are using tls.

Signed-off-by: Derek McGowan <derek@mcg.dev>
thaJeztah
thaJeztah approved these changes Oct 3, 2023
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

fuweid
fuweid approved these changes Oct 3, 2023
View reviewed changes
Copy link
Member

@fuweid fuweid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fuweid fuweid merged commit 28fa275 into containerd:main Oct 3, 2023
45 checks passed
@vvoland vvoland mentioned this pull request Oct 3, 2023
Merged
This was referenced Oct 3, 2023
Merged
Merged
@dmcgowan dmcgowan added cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch and removed cherry-pick/1.6.x Change to be cherry picked to release/1.6 branch cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch labels Oct 3, 2023
@dmcgowan dmcgowan deleted the localhost-http-fallback branch April 20, 2024 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samuelkarp samuelkarp samuelkarp approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

@fuweid fuweid fuweid approved these changes

Assignees
No one assigned
Labels
cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

localhost uses http by default from v1.6.9 and no option is available to over-ride this behavior.
4 participants
@dmcgowan @samuelkarp @thaJeztah @fuweid