> + client.setConnectTimeout(utils.getConnectionTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setReadTimeout(utils.getSocketOpenTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setFollowRedirects(false);
> + ConnectionSpec tlsSpec = new
> ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> + .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1,
> TlsVersion.TLS_1_2)
> + .build();
> + ConnectionSpec cleartextSpec = new
> ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT)
> + .build();
> + client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
> +
> client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory());
> +
> + if (utils.relaxHostname()) {
> + client.setHostnameVerifier(hostnameVerifier);
> + }
> + return client;
> + }
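Review bot: the `tlsVersions(...)` call on `tlsSpec` lists `TLS_1_0` and `TLS_1_1` next to `TLS_1_2`, and `cleartextSpec` is passed to `setConnectionSpecs` alongside it, so this client will negotiate the legacy protocol versions and still allows unencrypted connections. If the client is only meant to talk to an endpoint secured with the keys from `sslContextWithKeysSupplier`, consider restricting the list to `TlsVersion.TLS_1_2` and dropping `cleartextSpec`, or add a comment explaining why both are required. The `utils.relaxHostname()` branch would also benefit from a comment saying what the substituted `hostnameVerifier` accepts, since its definition is not visible in this hunk.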
Providing a custom supplier can work great unless you want to provide a custom
`SSLSocketFactory` as the provider will override it if trustAllCerts is set.
(See
[OkHttpCommandExecutorServiceModule.java#L83](https://github.com/jclouds/jclouds/blob/master/drivers/okhttp/src/main/java/org/jclouds/http/okhttp/config/OkHttpCommandExecutorServiceModule.java#L83)).
I think in case of docker even if trustAllCerts is set to true for any reason
(e.g. for a different provider) we always want to have our custom SSLContext
with the docker keys.
Maybe we can just use the default provider and a custom supplier and document
that docker doesn't work when trustAllCerts is set or there're some other
solutions. I agree that having duplicate code is a pretty bad code smell.
---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/188/files#r35082552