From 26f3861791a82ddee9171a6710f595b0136c4ab3 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Thu, 17 Mar 2016 16:09:45 -0700 Subject: [PATCH] Specifying --tls no longer overrides all other TLS options Add an option to skip hostname verification Signed-off-by: Joffrey F --- compose/cli/docker_client.py | 9 ++++++--- compose/cli/main.py | 3 +++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py index c8159ad49..e2848a90b 100644 --- a/compose/cli/docker_client.py +++ b/compose/cli/docker_client.py @@ -22,14 +22,17 @@ def tls_config_from_options(options): key = options.get('--tlskey') verify = options.get('--tlsverify') - if tls is True: + advanced_opts = any([ca_cert, cert, key, verify]) + + if tls is True and not advanced_opts: return True - elif any([ca_cert, cert, key, verify]): + elif advanced_opts: client_cert = None if cert or key: client_cert = (cert, key) return TLSConfig( - client_cert=client_cert, verify=verify, ca_cert=ca_cert + client_cert=client_cert, verify=verify, ca_cert=ca_cert, + assert_hostname=options.get('--skip-hostname-check') ) else: return None diff --git a/compose/cli/main.py b/compose/cli/main.py index 331476e21..6eada097f 100644 --- a/compose/cli/main.py +++ b/compose/cli/main.py @@ -156,6 +156,9 @@ class TopLevelCommand(object): --tlscert CLIENT_CERT_PATH Path to TLS certificate file --tlskey TLS_KEY_PATH Path to TLS key file --tlsverify Use TLS and verify the remote + --skip-hostname-check Don't check the daemon's hostname against the name specified + in the client certificate (for example if your docker host + is an IP address) Commands: build Build or rebuild services