Allow to configure SSL host verification #192

rhuss · 2015-06-13T08:24:13Z

By default, the SSL host is verified when talking with the Docker host. This works fine except in situation when the docker host is contacted from within a run docker container by contacting it via the internal interface. That's because the docker host's server cert doesn't contain this internal IP.

SSLConnectionSocketFactory can be configured to use a ALLOW_ALLHOSTNAME_VERIFIER. This should be possible to switch on by env, prop, config.

The text was updated successfully, but these errors were encountered:

rhuss · 2015-06-13T10:00:43Z

Raised an issue moby/moby#13922 since I believe, that Docker could do better here, too.

rhuss · 2015-06-13T14:42:53Z

Maybe as a simple fix evaluate DOCKER_TLS_VERIFY for deciding upon verification.

rhuss · 2015-07-01T12:59:09Z

I will go the DOCKER_TLS_VERIFY route, since this is is the least intrusive solution for this quite special use case.

rhuss added this to the 0.12.1 milestone Jun 15, 2015

rhuss added the fixed label Jul 1, 2015

rhuss modified the milestones: 0.12.1, 0.13.0 Jul 3, 2015

rhuss closed this as completed in 1afdad5 Jul 3, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow to configure SSL host verification #192

Allow to configure SSL host verification #192

rhuss commented Jun 13, 2015

rhuss commented Jun 13, 2015

rhuss commented Jun 13, 2015

rhuss commented Jul 1, 2015

Allow to configure SSL host verification #192

Allow to configure SSL host verification #192

Comments

rhuss commented Jun 13, 2015

rhuss commented Jun 13, 2015

rhuss commented Jun 13, 2015

rhuss commented Jul 1, 2015