Make it possible to disable TLS, and add some reluctant documentation…

… for it

Closes boot2docker#571

Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>

README.md

@@ -123,6 +123,12 @@ the `DOCKER_CERT_PATH` and `DOCKER_TLS_VERIFY` environment variables.
 
 `$(boot2docker shellinit)` will also set them correctly.
 
+We strongly against running Boot2Docker with an unencrypted Docker socket for
+security reasons, but if you have tools that cannot be easily switched, you
+can disable it by adding `DOCKER_TLS=no` to your `/var/lib/boot2docker/profile`
+file on the persistent partition inside the Boot2Docker virtual machine (use
+`boot2docker ssh sudo vi /var/lib/boot2docker/profile`).
+
 #### Folder sharing
 
 Boot2Docker is essentially a remote Docker engine with a read only filesystem

rootfs/rootfs/usr/local/etc/init.d/docker

@@ -22,7 +22,7 @@ test -f '/var/lib/boot2docker/profile' && . '/var/lib/boot2docker/profile'
 
 start() {
     # Not enabling Docker daemon TLS by default.
-    if [ "$DOCKER_TLS" != "" ]; then
+    if [ "$DOCKER_TLS" != "no" ]; then
         CERTHOSTNAMES="$(hostname -s),$(hostname -i)"
         ETH0=$(ip addr show eth0 |sed -nEe 's/^[ \t]*inet[ \t]*([0-9.]+)\/.*$/\1/p')
         ETH1=$(ip addr show eth1 |sed -nEe 's/^[ \t]*inet[ \t]*([0-9.]+)\/.*$/\1/p')
@@ -59,7 +59,7 @@ start() {
         if [ "$DOCKER_TLS" == "auto" ]; then
             DOCKER_HOST='-H tcp://0.0.0.0:2376'
             EXTRA_ARGS="$EXTRA_ARGS --tlsverify --tlscacert=$CACERT --tlscert=$SERVERCERT --tlskey=$SERVERKEY"
-        else
+        elif [ "$DOCKER_TLS" != "no" ]; then
             EXTRA_ARGS="$EXTRA_ARGS $DOCKER_TLS --tlscacert=$CACERT --tlscert=$SERVERCERT --tlskey=$SERVERKEY"
         fi