MCPcopy Index your code
hub / github.com/containerd/containerd / resolverDefaultTLS

Function resolverDefaultTLS

cmd/ctr/commands/resolver.go:114–152  ·  view source on GitHub ↗
(cliContext *cli.Context)

Source from the content-addressed store, hash-verified

112}
113
114func resolverDefaultTLS(cliContext *cli.Context) (*tls.Config, error) {
115 tlsConfig := &tls.Config{}
116
117 if cliContext.Bool("skip-verify") {
118 tlsConfig.InsecureSkipVerify = true
119 }
120
121 if tlsRootPath := cliContext.String("tlscacert"); tlsRootPath != "" {
122 tlsRootData, err := os.ReadFile(tlsRootPath)
123 if err != nil {
124 return nil, fmt.Errorf("failed to read %q: %w", tlsRootPath, err)
125 }
126
127 tlsConfig.RootCAs = x509.NewCertPool()
128 if !tlsConfig.RootCAs.AppendCertsFromPEM(tlsRootData) {
129 return nil, fmt.Errorf("failed to load TLS CAs from %q: invalid data", tlsRootPath)
130 }
131 }
132
133 tlsCertPath := cliContext.String("tlscert")
134 tlsKeyPath := cliContext.String("tlskey")
135 if tlsCertPath != "" || tlsKeyPath != "" {
136 if tlsCertPath == "" || tlsKeyPath == "" {
137 return nil, errors.New("flags --tlscert and --tlskey must be set together")
138 }
139 keyPair, err := tls.LoadX509KeyPair(tlsCertPath, tlsKeyPath)
140 if err != nil {
141 return nil, fmt.Errorf("failed to load TLS client credentials (cert=%q, key=%q): %w", tlsCertPath, tlsKeyPath, err)
142 }
143 tlsConfig.Certificates = []tls.Certificate{keyPair}
144 }
145
146 // If nothing was set, return nil rather than empty config
147 if !tlsConfig.InsecureSkipVerify && tlsConfig.RootCAs == nil && tlsConfig.Certificates == nil {
148 return nil, nil
149 }
150
151 return tlsConfig, nil
152}
153
154type staticCredentials struct {
155 ref string

Callers 1

GetResolverFunction · 0.85

Calls 1

StringMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…