tls-attacker/TLS-Docker-Library

TLS-Docker-Library

Build Docker images

First steps

  1. Set up the environment

    ./setup.sh
  2. Build the docker images

    • To build every available docker image, or every docker image of a specific TLS library, use the build-everything.py script (requires Python >= 3.7)

      # use --help to see the available options
      images/build-everything.py
    • To build only specific TLS libraries, use the build.sh scripts inside the subfolders of images/.

Inspect container content

docker build --squash -t <image name> .
# without --squash there are multiple layer.tar files
docker image save <image name> | tar x --wildcards -O "*/layer.tar" | tar t

Get a shell in an intermediary container to find runtime dependencies

docker run --rm -it --cap-add SYS_PTRACE <intermediary image name> /bin/sh
## ls, ldd, strace, ...

With build arguments

docker build --build-arg VERSION=0.5 -t bearssl .

Execution

With certificate volume

docker run --rm -it -v cert-data:/cert/:ro,nocopy -p 127.0.0.42:<port on host>:<port of internal tls server> <image name> options...

With certificate directory

docker run --rm -it -v /path/to/dir/:/cert/:ro,nocopy -p 127.0.0.42:<port on host>:<port of internal tls server> <image name> options...

On host network stack

docker run --rm -it -v cert-data:/cert/:ro,nocopy --network=host <image name> options...

Usage

Get the CONTAINER ID

docker ps

Get the IP-Address

docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <CONTAINER ID>

Connect directly

openssl s_client -connect <ip>:<port>

Stop container

docker container kill <CONTAINER ID>

Cleaning / Removing unused images

Dangling images (layers that have no relationship to any tagged images)

docker images -f dangling=true

Images without a name (<none>)

# pass only the IMAGE ID column (field 3) to docker rmi
docker rmi -f $(docker images | grep none | awk '{print $3}')

Images of sizes 100-999 MB

# pass only the IMAGE ID column (field 3) to docker rmi
docker rmi -f $(docker images | grep -P "\d{3}MB" | awk '{print $3}')
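
The grep filters in this section match anywhere in a `docker images` line, so a repository whose name merely contains "none" is selected too. The following is an added example, not part of this repository: it selects image IDs by field instead. The function names and the sample listing (image names and IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the TLS-Docker-Library repository.
# Reads "<id> <repository> <tag> <size>" lines on stdin, the layout printed by
#   docker images --format '{{.ID}} {{.Repository}} {{.Tag}} {{.Size}}'
# and prints the image IDs selected by the rule given as $1:
#   untagged  repository or tag is exactly "<none>"
#   midsize   size is a whole number from 100 to 999 followed by "MB"
select_image_ids() {
    awk -v rule="$1" '
        NF != 4 { next }   # ignore lines that do not have exactly four fields
        rule == "untagged" && ($2 == "<none>" || $3 == "<none>") { print $1; next }
        rule == "midsize"  && $4 ~ /^[1-9][0-9][0-9]MB$/         { print $1 }
    ' | LC_ALL=C sort -u   # one image ID can appear once per tag
}

# Constructed sample listing (assumed names and IDs, not real images).
sample_listing() {
    cat <<'EOF'
aaaaaaaaaaaa <none> <none> 152MB
bbbbbbbbbbbb bearssl 0.5 8.41MB
cccccccccccc nonesuch-tls latest 1.21GB
dddddddddddd openssl-server 1.1.1 231MB
dddddddddddd openssl-server latest 231MB
EOF
}

# With Docker available, review the selection before removing anything:
#   docker images --format '{{.ID}} {{.Repository}} {{.Tag}} {{.Size}}' \
#     | select_image_ids untagged
```

On the sample listing, the `untagged` rule skips `nonesuch-tls`, which a plain `grep none` would have matched.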