fix: provide refreshing CA pool (resolvers)

When a registry has _some_ TLS config included, the refreshing CA pool
was overwritten with the result returned from the config provider.

Ensure that it is restored back to the default value (unless explicitly
set by the provider if the registry CA is set).

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Andrey Smirnov 2025-09-26 21:18:44 +04:00
parent d63c3ed7db
commit ab847310ef
No known key found for this signature in database
GPG Key ID: 322C6F63F594CE7C

@ -60,6 +60,11 @@ func RegistryHosts(reg config.Registries) docker.RegistryHosts {
if err != nil {
return nil, fmt.Errorf("error preparing TLS config for %q: %w", u.Host, err)
}
// set up refreshing Root CAs if none were provided
if transport.TLSClientConfig.RootCAs == nil {
transport.TLSClientConfig.RootCAs = httpdefaults.RootCAs()
}
}
if u.Path == "" {
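
Review bot: the added `transport.TLSClientConfig.RootCAs == nil` check reads through `transport.TLSClientConfig` without a nil guard, so it relies on the TLS config preparation just above always yielding a non-nil config when `err` is nil. If that is not guaranteed, check `transport.TLSClientConfig != nil` first, or state the invariant in the comment. The comment could also say why a nil pool matters here (the registry has some TLS settings but no CA, per the commit message). A regression test for a registry with TLS settings but no CA would pin that `RootCAs` ends up as `httpdefaults.RootCAs()` and that a provider-supplied CA pool is left untouched.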