docker api enforces tls from docker 1.13 onwards

[calvinchengx]

For docker 1.13 onwards, not using dc.NewTLSClient will fail with malformed http response.

Also, is there an option in dockertest v3 to support docker-machine? There was an option to support docker-machine in v2 but I can't seem to find it in v3. Providing such an option will allow us to use dc.NewClientFromEnv().

[coveralls]

Changes Unknown when pulling 97abb20 on calvinchengx:patch-1 into ** on ory:v3**.

[aeneasr]

No, docker-machine is no longer supported explicitly. But you can simply point NewPool to the ip:port of the docker daemon in the docker-machine image?

[calvinchengx]

Ok. But even if it doesn't support docker-machine explicitly, NewPool with the correct ip:port will still fail because NewPool uses dc.NewClient instead of dc.NewTLSClient. docker 1.13 onwards requires TLS communication.

[aeneasr]

Unfortunately, docker native (for windows) does not set up $DOCKER_CERT_PATH automatically. Any idea how to resolve this? Also, do we need TLS if we talk to a local socket?

[aeneasr]

I just ran unit tests on windows that runs docker (for windows) 1.13.1 and it still works with master. What problem are you facing exactly?

[aeneasr]

I also remember that docker for windows explicitly sets up the http endpoint because the certificate jazz is just broken on windows. And for osx and linux, docker uses (iirc) a socket unix:///var/run/docker.sock which I think does not need TLS because it's local.

[aeneasr]

Yup, when I unit test your patch on windows, this is what I get:

Error:          Expected nil, but got: : Post https://localhost:2375/images/create?fromImage=postgres&tag=9.5: http: server gave HTTP response to HTTPS client

[calvinchengx]

We don't need TLS if we talk to a local socket, but we do need TLS if we talk to a remote socket (whether the remote connection is a docker-machine's docker server or a remote machine's docker server). This is now enforced.

So NewPool will probably need a flag of sorts so that library users can specify whether to use TLS or not depending on their requirements.

[aeneasr]

I see. How about 'NewTLSPool' ? Von meinem iPhone gesendet

…

Am 21.02.2017 um 04:49 schrieb Calvin Cheng ***@***.***>: We don't need TLS if we talk to a local socket, but we do need TLS if we talk to a remote socket (whether the remote connection is a docker-machine's docker server or a remote machine's docker server). This is now enforced. So NewPool will probably need a flag of sorts so that library users can specify whether to use TLS or not depending on their requirements. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[aeneasr]

This doesn't look right?

[coveralls]

Changes Unknown when pulling cde1a9a on calvinchengx:patch-1 into ** on ory:v3**.

[coveralls]

Changes Unknown when pulling cde1a9a on calvinchengx:patch-1 into ** on ory:v3**.

[coveralls]

Changes Unknown when pulling cde1a9a on calvinchengx:patch-1 into ** on ory:v3**.

[aeneasr]

coveralls, stahp

[calvinchengx]

Would this pull request be merged? Is there any other issue I need to amend?

[aeneasr]

Yup :)