Specifying --tls no longer overrides all other TLS options

Add an option to skip hostname verification Signed-off-by: Joffrey F <joffrey@docker.com>
2025-07-24 06:04:57 +02:00 · 2016-03-17 16:09:45 -07:00 · 2016-03-17 16:09:45 -07:00 · 26f3861791
commit 26f3861791
parent 7166408d2a
2 changed files with 9 additions and 3 deletions
--- a/compose/cli/docker_client.py
+++ b/compose/cli/docker_client.py
@ -22,14 +22,17 @@ def tls_config_from_options(options):
    key = options.get('--tlskey')
    verify = options.get('--tlsverify')

-    if tls is True:
+    advanced_opts = any([ca_cert, cert, key, verify])
+
+    if tls is True and not advanced_opts:
        return True
-    elif any([ca_cert, cert, key, verify]):
+    elif advanced_opts:
        client_cert = None
        if cert or key:
            client_cert = (cert, key)
        return TLSConfig(
-            client_cert=client_cert, verify=verify, ca_cert=ca_cert
+            client_cert=client_cert, verify=verify, ca_cert=ca_cert,
+            assert_hostname=options.get('--skip-hostname-check')
        )
    else:
        return None
--- a/compose/cli/main.py
+++ b/compose/cli/main.py
@ -156,6 +156,9 @@ class TopLevelCommand(object):
      --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
      --tlskey TLS_KEY_PATH       Path to TLS key file
      --tlsverify                 Use TLS and verify the remote
+      --skip-hostname-check       Don't check the daemon's hostname against the name specified
+                                  in the client certificate (for example if your docker host
+                                  is an IP address)

    Commands:
      build              Build or rebuild services