authorJoffrey F <joffrey@docker.com>2018-01-23 17:22:34 -0800
committerJoffrey F <joffrey@docker.com>2018-01-24 18:05:10 -0800
commitbab7ca3cde63295a4cd775c7e4da9516340af7f4 (patch)
treeb0888985392e79033f121bab36dd22a4235c2d1a
parent500286d51e63510e9765868cbc1f8cc01ff36bbb (diff)
downloaddocker-py-dperny-change-tls-default.tar.gz
Don't use PROTOCOL_TLSv1_2 directly to avoid ImportErrorsdperny-change-tls-default
Signed-off-by: Joffrey F <joffrey@docker.com>
-rw-r--r--docker/tls.py23
1 files changed, 8 insertions, 15 deletions
diff --git a/docker/tls.py b/docker/tls.py
index 8fdf359..4900e9f 100644
--- a/docker/tls.py
+++ b/docker/tls.py
@@ -51,22 +51,15 @@ class TLSConfig(object):
# majority of users with reasonably up-to-date software. However,
# before doing so, detect openssl version to ensure we can support
# it.
-
- # ssl.OPENSSL_VERSION_INFO returns a tuple of 5 integers
- # representing version info. We want any OpenSSL version greater
- # than 1.0.1. Python compares tuples lexigraphically, which means
- # this comparison will work.
- if ssl.OPENSSL_VERSION_INFO > (1, 0, 1, 0, 0):
- # If this version is high enough to support TLSv1_2, then we
- # should use it.
- self.ssl_version = ssl.PROTOCOL_TLSv1_2
+ if ssl.OPENSSL_VERSION_INFO[:3] >= (1, 0, 1) and hasattr(
+ ssl, 'PROTOCOL_TLSv1_2'):
+ # If the OpenSSL version is high enough to support TLSv1_2,
+ # then we should use it.
+ self.ssl_version = getattr(ssl, 'PROTOCOL_TLSv1_2')
else:
- # If we can't, use a differnent default. Before the commit
- # introducing this version detection, the comment read:
- # >>> TLS v1.0 seems to be the safest default; SSLv23 fails in
- # >>> mysterious ways:
- # >>> https://github.com/docker/docker-py/issues/963
- # Which is why we choose PROTOCOL_TLSv1
+ # Otherwise, TLS v1.0 seems to be the safest default;
+ # SSLv23 fails in mysterious ways:
+ # https://github.com/docker/docker-py/issues/963
self.ssl_version = ssl.PROTOCOL_TLSv1
# "tls" and "tls_verify" must have both or neither cert/key files In
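Review bot: The `else` branch falls back to `ssl.PROTOCOL_TLSv1` silently, and with the added `hasattr` test it is now also taken when the Python build lacks `PROTOCOL_TLSv1_2`, so a client can end up pinned to TLS 1.0 with nothing telling the operator. I would surface the downgrade before the assignment, for example `warnings.warn('TLS 1.2 is not available; falling back to TLS 1.0')` (this needs `import warnings`, which is not visible in the hunk). I would also reword the comment to call TLS 1.0 a compatibility fallback rather than "the safest default". As a style point, `getattr(ssl, 'PROTOCOL_TLSv1_2')` with a constant name is equivalent to `ssl.PROTOCOL_TLSv1_2` once the `hasattr` guard has passed; if the indirection is there to satisfy a static checker, a one-line comment saying so would stop it being simplified back. The enclosing method starts and ends outside the hunk, so whether a caller-supplied `ssl_version` overrides this default cannot be confirmed from here.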