You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TLS and TLS_VERIFY are not mutually exclusive. One could set TLS and TLS_VERIFY to True, which would mean connect using TLS and verify the server using the default/public CA pool.
Need to review _get_connect_params() method again and make sure we're covering all the connection use cases.
The text was updated successfully, but these errors were encountered:
There is no such thing as mutually exclusive on docker and for good reasons: one may have to use TLS on port 2376 but the SSL vertificates may be temporary broken like expired or not matching hostnames.
This is someting that can happen in real life, even production and thus is why the DOCKER_TLS_VERIFY option was added in the first place, to allow bypassing verification. Making it mutually exclusive makes no sense and breaks it because without telling docker to use TLS via DOCKER_TLS=1, it will fail to run.
ISSUE TYPE
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
This is actually wrong in docker_common:
TLS and TLS_VERIFY are not mutually exclusive. One could set TLS and TLS_VERIFY to True, which would mean connect using TLS and verify the server using the default/public CA pool.
Need to review _get_connect_params() method again and make sure we're covering all the connection use cases.
The text was updated successfully, but these errors were encountered: