Specifying --tls no longer overrides all other TLS options

Add an option to skip hostname verification

Signed-off-by: Joffrey F <joffrey@docker.com>
This commit is contained in:
Joffrey F 2016-03-17 16:09:45 -07:00
parent 7166408d2a
commit 26f3861791
2 changed files with 9 additions and 3 deletions

View File

@ -22,14 +22,17 @@ def tls_config_from_options(options):
key = options.get('--tlskey')
verify = options.get('--tlsverify')
if tls is True:
advanced_opts = any([ca_cert, cert, key, verify])
if tls is True and not advanced_opts:
return True
elif any([ca_cert, cert, key, verify]):
elif advanced_opts:
client_cert = None
if cert or key:
client_cert = (cert, key)
return TLSConfig(
client_cert=client_cert, verify=verify, ca_cert=ca_cert
client_cert=client_cert, verify=verify, ca_cert=ca_cert,
assert_hostname=options.get('--skip-hostname-check')
)
else:
return None

View File

@ -156,6 +156,9 @@ class TopLevelCommand(object):
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the name specified
in the client certificate (for example if your docker host
is an IP address)
Commands:
build Build or rebuild services