authorToshio Kuratomi <toshio@fedoraproject.org>2015-03-12 12:53:48 -0700
committerToshio Kuratomi <toshio@fedoraproject.org>2015-03-12 12:53:48 -0700
commit3a6cc86578da7ea459dac38965692bad6a649ec9 (patch)
tree0e0693eaedb8fa963c8fba934eb2576e3c4dc934
parent1add8ed9e5ae96dfe9114861e6ccead33710a8a2 (diff)
Fix for problems found by @dguerridocker-tls-alt-854
* TLSConfig['verify'] has to be set to False if we're only encrypting the connection, not verifying the host.
* tls_hostname was not set if tls_ca_cert was not present

https://github.com/ansible/ansible-modules-core/pull/926#issuecomment-78573877
-rw-r--r--cloud/docker/docker.py27
1 files changed, 14 insertions, 13 deletions
diff --git a/cloud/docker/docker.py b/cloud/docker/docker.py
index 2815f580..802ecbb8 100644
--- a/cloud/docker/docker.py
+++ b/cloud/docker/docker.py
@@ -567,19 +567,18 @@ class DockerManager(object):
if not tls_ca_cert and env_cert_path:
tls_ca_cert = os.path.join(env_cert_path, 'ca.pem')
- if tls_ca_cert:
- tls_hostname = module.params.get('tls_hostname')
- if tls_hostname is None:
- if env_docker_hostname:
- tls_hostname = env_docker_hostname
+ tls_hostname = module.params.get('tls_hostname')
+ if tls_hostname is None:
+ if env_docker_hostname:
+ tls_hostname = env_docker_hostname
+ else:
+ parsed_url = urlparse(docker_url)
+ if ':' in parsed_url.netloc:
+ tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
else:
- parsed_url = urlparse(docker_url)
- if ':' in parsed_url.netloc:
- tls_hostname = parsed_url.netloc[:parsed_url.netloc.rindex(':')]
- else:
- tls_hostname = parsed_url
- if not tls_hostname:
- tls_hostname = True
+ tls_hostname = parsed_url
+ if not tls_hostname:
+ tls_hostname = True
# use_tls can be one of four values:
# no: Do not use tls
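Review bot: The fallback `tls_hostname = parsed_url` assigns the whole urlparse() result rather than a host string, so `assert_hostname` would later receive a tuple, and the `if not tls_hostname:` check cannot fire on that path because a ParseResult is always truthy. Consider `tls_hostname = parsed_url.hostname`, which also strips the port, userinfo and IPv6 brackets that the `rindex(':')` slice on `netloc` handles by hand. The line is carried over from the old code, but with the `if tls_ca_cert:` guard removed it is now reached whether or not a CA certificate is configured. The enclosing method starts and ends outside the hunk.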
@@ -610,8 +609,10 @@ class DockerManager(object):
else:
params['verify'] = True
params['assert_hostname'] = tls_hostname
+ elif use_tls == 'encrpyt':
+ params['verify'] = False
- if params or use_tls == 'encrypt':
+ if params:
# See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296
docker_url = docker_url.replace('tcp://', 'https://')
tls_config = docker.tls.TLSConfig(**params)
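Review bot: The added branch compares against `'encrpyt'`, a misspelling of `'encrypt'`, so it never matches and `params['verify'] = False` is never set. Because the same hunk narrows the guard to `if params:`, encrypt mode with no other TLS parameters would presumably skip the TLSConfig block and leave the URL as `tcp://`, meaning a connection without TLS rather than with unverified TLS. The line should read `elif use_tls == 'encrypt':`. A test asserting that encrypt mode yields a TLSConfig with `verify=False` would catch this kind of silent downgrade. The surrounding if/elif chain starts outside the hunk.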