Fix #536: ssl_context not used (#607)

aio-libs · Jul 23, 2021 · 9b45993 · 9b45993
1 parent 72c1573
commit 9b45993
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/CHANGES/536.bugfix b/CHANGES/536.bugfix
@@ -0,0 +1 @@
+Use ssl_context passsed to Docker constructor for creating underlying connection to docker engine.
diff --git a/aiodocker/docker.py b/aiodocker/docker.py
@@ -109,8 +109,9 @@ def __init__(
             WIN_PRE_LEN = len(WIN_PRE)
             if _rx_tcp_schemes.search(docker_host):
                 if os.environ.get("DOCKER_TLS_VERIFY", "0") == "1":
-                    ssl_context = self._docker_machine_ssl_context()
-                    docker_host = _rx_tcp_schemes.sub("https://", docker_host)
+                    if ssl_context is None:
+                        ssl_context = self._docker_machine_ssl_context()
+                        docker_host = _rx_tcp_schemes.sub("https://", docker_host)
                 else:
                     ssl_context = None
                 connector = aiohttp.TCPConnector(ssl=ssl_context)

diff --git a/tests/test_integration.py b/tests/test_integration.py
@@ -3,6 +3,7 @@
 import io
 import os
 import pathlib
+import ssl
 import sys
 import tarfile
 import time
@@ -70,6 +71,17 @@ async def test_ssl_context(monkeypatch):
     docker = Docker()
     assert docker.connector._ssl
     await docker.close()
+    with pytest.raises(TypeError):
+        docker = Docker(ssl_context="bad ssl context")
+    ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
+    ssl_ctx.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
+    ssl_ctx.load_verify_locations(cafile=str(cert_dir / "ca.pem"))
+    ssl_ctx.load_cert_chain(
+        certfile=str(cert_dir / "cert.pem"), keyfile=str(cert_dir / "key.pem")
+    )
+    docker = Docker(ssl_context=ssl_ctx)
+    assert docker.connector._ssl
+    await docker.close()
 
 
 @pytest.mark.skipif(