-
-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker api enforces tls from docker 1.13 onwards #80
Conversation
For docker 1.13 onwards, not using `dc.NewTLSClient` will fail with malformed http response. Also, is there an option in dockertest v3 to support docker-machine? There was an option to support docker-machine in v2 but I can't seem to find it in v3. Providing such an option will allow us to use `dc.NewClientFromEnv()`.
Changes Unknown when pulling 97abb20 on calvinchengx:patch-1 into ** on ory:v3**. |
No, docker-machine is no longer supported explicitly. But you can simply point |
Ok. But even if it doesn't support |
Unfortunately, docker native (for windows) does not set up |
I just ran unit tests on windows that runs docker (for windows) 1.13.1 and it still works with master. What problem are you facing exactly? |
I also remember that docker for windows explicitly sets up the http endpoint because the certificate jazz is just broken on windows. And for osx and linux, docker uses (iirc) a socket |
Yup, when I unit test your patch on windows, this is what I get:
|
We don't need So |
I see. How about 'NewTLSPool' ?
Von meinem iPhone gesendet
… Am 21.02.2017 um 04:49 schrieb Calvin Cheng ***@***.***>:
We don't need TLS if we talk to a local socket, but we do need TLS if we talk to a remote socket (whether the remote connection is a docker-machine's docker server or a remote machine's docker server). This is now enforced.
So NewPool will probably need a flag of sorts so that library users can specify whether to use TLS or not depending on their requirements.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
dockertest.go
Outdated
|
||
client, err := dc.NewClient(endpoint) | ||
client, err := dc.NewClient(endpoint, cert, key, ca) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't look right?
Changes Unknown when pulling cde1a9a on calvinchengx:patch-1 into ** on ory:v3**. |
2 similar comments
Changes Unknown when pulling cde1a9a on calvinchengx:patch-1 into ** on ory:v3**. |
Changes Unknown when pulling cde1a9a on calvinchengx:patch-1 into ** on ory:v3**. |
coveralls, stahp |
Would this pull request be merged? Is there any other issue I need to amend? |
Yup :) |
For docker 1.13 onwards, not using
dc.NewTLSClient
will fail with malformed http response.Also, is there an option in dockertest v3 to support docker-machine? There was an option to support docker-machine in v2 but I can't seem to find it in v3. Providing such an option will allow us to use
dc.NewClientFromEnv()
.