From 7116aefe4310c77a6d8f80a9f928ce6437e8bb49 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Mon, 28 Mar 2016 17:39:20 -0700 Subject: [PATCH 1/5] Fix assert_hostname logic in tls_config_from_options Signed-off-by: Joffrey F --- compose/cli/docker_client.py | 27 ++++++++++++++++++++------- tests/unit/cli/docker_client_test.py | 28 ++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 7 deletions(-) diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py index f782a1ae6..83cd8626c 100644 --- a/compose/cli/docker_client.py +++ b/compose/cli/docker_client.py @@ -21,24 +21,37 @@ def tls_config_from_options(options): cert = options.get('--tlscert') key = options.get('--tlskey') verify = options.get('--tlsverify') - hostname = urlparse(options.get('--host') or '').hostname + host = options.get('--host') + skip_hostname_check = options.get('--skip-hostname-check', False) + + if not skip_hostname_check: + hostname = urlparse(host).hostname if host else None + # If the protocol is omitted, urlparse fails to extract the hostname. + # Make another attempt by appending a protocol. + if not hostname and host: + hostname = urlparse('tcp://{0}'.format(host)).hostname advanced_opts = any([ca_cert, cert, key, verify]) if tls is True and not advanced_opts: return True - elif advanced_opts: + elif advanced_opts: # --tls is a noop client_cert = None if cert or key: client_cert = (cert, key) + + assert_hostname = None + if skip_hostname_check: + assert_hostname = False + elif hostname: + assert_hostname = hostname + return TLSConfig( client_cert=client_cert, verify=verify, ca_cert=ca_cert, - assert_hostname=( - hostname or not options.get('--skip-hostname-check', False) - ) + assert_hostname=assert_hostname ) - else: - return None + + return None def docker_client(environment, version=None, tls_config=None, host=None): diff --git a/tests/unit/cli/docker_client_test.py b/tests/unit/cli/docker_client_test.py index 56bab19c3..f4476ad3b 100644 
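Review bot: `hostname` is bound only inside `if not skip_hostname_check:`, so the later `elif hostname:` is safe only because `if skip_hostname_check:` happens to be tested first; adding `hostname = None` ahead of that block would stop a reordering of the branches from raising NameError. The value deserves the care because it becomes the name the server certificate is matched against. The retry with `urlparse('tcp://{0}'.format(host))` also runs for any host string whose first parse yields no hostname, not only scheme-less `host:port`; a socket-style URL would presumably come back with its scheme as the hostname, so the guard could be narrowed to `if not hostname and host and '://' not in host:`. The function's opening lines, where `tls` and `ca_cert` are set, are outside the hunk.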
--- a/tests/unit/cli/docker_client_test.py +++ b/tests/unit/cli/docker_client_test.py @@ -103,3 +103,31 @@ class TLSConfigTestCase(unittest.TestCase): options = {'--tlskey': self.key} with pytest.raises(docker.errors.TLSParameterError): tls_config_from_options(options) + + def test_assert_hostname_explicit_host(self): + options = { + '--tlscacert': self.ca_cert, '--host': 'tcp://foobar.co.uk:1254' + } + result = tls_config_from_options(options) + assert isinstance(result, docker.tls.TLSConfig) + assert result.assert_hostname == 'foobar.co.uk' + + def test_assert_hostname_explicit_host_no_proto(self): + options = { + '--tlscacert': self.ca_cert, '--host': 'foobar.co.uk:1254' + } + result = tls_config_from_options(options) + assert isinstance(result, docker.tls.TLSConfig) + assert result.assert_hostname == 'foobar.co.uk' + + def test_assert_hostname_implicit_host(self): + options = {'--tlscacert': self.ca_cert} + result = tls_config_from_options(options) + assert isinstance(result, docker.tls.TLSConfig) + assert result.assert_hostname is None + + def test_assert_hostname_explicit_skip(self): + options = {'--tlscacert': self.ca_cert, '--skip-hostname-check': True} + result = tls_config_from_options(options) + assert isinstance(result, docker.tls.TLSConfig) + assert result.assert_hostname is False From 71c86acaa4af0af5dec9baf7f1f4d7b236f249a3 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Tue, 29 Mar 2016 18:01:27 -0700 Subject: [PATCH 2/5] Update docker-py version to include match_hostname fix Removed unnecessary assert_hostname computation in tls_config_from_options Signed-off-by: Joffrey F --- compose/cli/docker_client.py | 17 +---------------- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 17 deletions(-) diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py index 83cd8626c..e9f39d010 100644 --- a/compose/cli/docker_client.py +++ b/compose/cli/docker_client.py 
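Review bot: None of the added tests combines `--skip-hostname-check` with `--host`, so nothing pins that the skip flag wins over a host-derived name; `test_assert_hostname_explicit_skip` passes no host at all. That precedence decides whether certificate name checking is switched off, so it deserves its own case next to the four added here. The sketch below assumes `TLSConfig` exposes `assert_hostname` unchanged, as the added assertions already do. `TLSConfigTestCase` starts outside the hunk.
```python
    def test_assert_hostname_skip_overrides_host(self):
        options = {
            '--tlscacert': self.ca_cert,
            '--host': 'tcp://foobar.co.uk:1254',
            '--skip-hostname-check': True,
        }
        result = tls_config_from_options(options)
        assert isinstance(result, docker.tls.TLSConfig)
        assert result.assert_hostname is False
```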
@@ -7,7 +7,6 @@ from docker import Client from docker.errors import TLSParameterError from docker.tls import TLSConfig from docker.utils import kwargs_from_env -from requests.utils import urlparse from ..const import HTTP_TIMEOUT from .errors import UserError @@ -21,16 +20,8 @@ def tls_config_from_options(options): cert = options.get('--tlscert') key = options.get('--tlskey') verify = options.get('--tlsverify') - host = options.get('--host') skip_hostname_check = options.get('--skip-hostname-check', False) - if not skip_hostname_check: - hostname = urlparse(host).hostname if host else None - # If the protocol is omitted, urlparse fails to extract the hostname. - # Make another attempt by appending a protocol. - if not hostname and host: - hostname = urlparse('tcp://{0}'.format(host)).hostname - advanced_opts = any([ca_cert, cert, key, verify]) if tls is True and not advanced_opts: @@ -40,15 +31,9 @@ def tls_config_from_options(options): if cert or key: client_cert = (cert, key) - assert_hostname = None - if skip_hostname_check: - assert_hostname = False - elif hostname: - assert_hostname = hostname - return TLSConfig( client_cert=client_cert, verify=verify, ca_cert=ca_cert, - assert_hostname=assert_hostname + assert_hostname=False if skip_hostname_check else None ) return None diff --git a/requirements.txt b/requirements.txt index 91d0487cd..4bee21ef4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,9 +1,9 @@ PyYAML==3.11 cached-property==1.2.0 -docker-py==1.8.0rc2 dockerpty==0.4.1 docopt==0.6.1 enum34==1.0.4 +git+https://github.com/docker/docker-py.git@ac3d4aae2c525b052e661f42307223676ca1b313#egg=docker-py jsonschema==2.5.1 requests==2.7.0 six==1.7.3 From d27b82207cc0ef4364b56a3d1e823b47791836ba Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Tue, 29 Mar 2016 18:05:37 -0700 Subject: [PATCH 3/5] Remove obsolete assert_hostname tests 
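Review bot: In the third docker_client.py hunk, `assert_hostname=False if skip_hostname_check else None` carries two meanings the code does not spell out: `False` switches certificate name checking off, while `None` leaves the decision to docker-py. Going by the commit message, the secure default now depends on the match_hostname fix in the pinned docker-py, so a comment above the `TLSConfig(...)` call should record that, e.g. `# None leaves hostname verification to docker-py's default; False disables it (--skip-hostname-check)`. Without it, a later dependency downgrade or a well-meant change of `None` to `False` could weaken verification unnoticed. The enclosing function starts outside this hunk.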
Signed-off-by: Joffrey F --- requirements.txt | 2 +- tests/unit/cli/docker_client_test.py | 22 ---------------------- 2 files changed, 1 insertion(+), 23 deletions(-) diff --git a/requirements.txt b/requirements.txt index 4bee21ef4..898df3732 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,9 +1,9 @@ PyYAML==3.11 cached-property==1.2.0 +docker-py==1.8.0rc3 dockerpty==0.4.1 docopt==0.6.1 enum34==1.0.4 -git+https://github.com/docker/docker-py.git@ac3d4aae2c525b052e661f42307223676ca1b313#egg=docker-py jsonschema==2.5.1 requests==2.7.0 six==1.7.3 diff --git a/tests/unit/cli/docker_client_test.py b/tests/unit/cli/docker_client_test.py index f4476ad3b..5334a9440 100644 --- a/tests/unit/cli/docker_client_test.py +++ b/tests/unit/cli/docker_client_test.py @@ -104,28 +104,6 @@ class TLSConfigTestCase(unittest.TestCase): with pytest.raises(docker.errors.TLSParameterError): tls_config_from_options(options) - def test_assert_hostname_explicit_host(self): - options = { - '--tlscacert': self.ca_cert, '--host': 'tcp://foobar.co.uk:1254' - } - result = tls_config_from_options(options) - assert isinstance(result, docker.tls.TLSConfig) - assert result.assert_hostname == 'foobar.co.uk' - - def test_assert_hostname_explicit_host_no_proto(self): - options = { - '--tlscacert': self.ca_cert, '--host': 'foobar.co.uk:1254' - } - result = tls_config_from_options(options) - assert isinstance(result, docker.tls.TLSConfig) - assert result.assert_hostname == 'foobar.co.uk' - - def test_assert_hostname_implicit_host(self): - options = {'--tlscacert': self.ca_cert} - result = tls_config_from_options(options) - assert isinstance(result, docker.tls.TLSConfig) - assert result.assert_hostname is None - def test_assert_hostname_explicit_skip(self): options = {'--tlscacert': self.ca_cert, '--skip-hostname-check': True} result = tls_config_from_options(options) From 78a8be07adc0f83ec627d6865eb17da5c69093fa Mon Sep 17 00:00:00 2001 
From: Joffrey F Date: Wed, 30 Mar 2016 11:11:19 -0700 Subject: [PATCH 4/5] Re-enabling assert_hostname when instantiating docker_client from the environment. Signed-off-by: Joffrey F --- compose/cli/docker_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py index e9f39d010..0c0113bb7 100644 --- a/compose/cli/docker_client.py +++ b/compose/cli/docker_client.py @@ -49,7 +49,7 @@ def docker_client(environment, version=None, tls_config=None, host=None): "Please use COMPOSE_HTTP_TIMEOUT instead.") try: - kwargs = kwargs_from_env(assert_hostname=False, environment=environment) + kwargs = kwargs_from_env(environment=environment) except TLSParameterError: raise UserError( "TLS configuration is invalid - make sure your DOCKER_TLS_VERIFY " From 1a7a65f84da129cb3491c2dec3f37367444ce807 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Wed, 30 Mar 2016 11:58:28 -0700 Subject: [PATCH 5/5] Include docker-py requirements fix Signed-off-by: Joffrey F --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 898df3732..76f224fbe 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ PyYAML==3.11 cached-property==1.2.0 -docker-py==1.8.0rc3 +docker-py==1.8.0rc5 dockerpty==0.4.1 docopt==0.6.1 enum34==1.0.4
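Review bot: Dropping `assert_hostname=False` makes the environment-derived client verify the server name, but nothing visible gives `--skip-hostname-check` a way to reach this path. As `tls_config_from_options` stands after patch 2/5, it returns a `TLSConfig` only when one of the `--tls*` options is passed, so a user configured solely through `DOCKER_TLS_VERIFY` who passes the skip flag would presumably still get the check, with no hint why. Rather than restoring a blanket disable, state the contract next to the call, e.g. `# hostname verification stays on for env-derived TLS; --skip-hostname-check only applies through tls_config`, and consider a unit test asserting the environment path keeps verification enabled. The rest of `docker_client`, including how `tls_config` is merged into `kwargs`, is outside the hunk.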