> + client.setConnectTimeout(utils.getConnectionTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setReadTimeout(utils.getSocketOpenTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setFollowRedirects(false);
> + ConnectionSpec tlsSpec = new
> ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> + .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1,
> TlsVersion.TLS_1_2)
> + .build();
> + ConnectionSpec cleartextSpec = new
> ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT)
> + .build();
> + client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
> +
> client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory());
> +
> + if (utils.relaxHostname()) {
> + client.setHostnameVerifier(hostnameVerifier);
> + }
> + return client;
> + }
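
Review bot: `tlsSpec` explicitly lists `TlsVersion.TLS_1_0` and `TlsVersion.TLS_1_1` alongside `TlsVersion.TLS_1_2`, and `setConnectionSpecs` also accepts `cleartextSpec`, so this client allows legacy TLS versions and plain HTTP endpoints. If the target endpoints allow it, restrict `tlsVersions` to `TlsVersion.TLS_1_2` and add `cleartextSpec` only when the configured endpoint is not HTTPS. In the `utils.relaxHostname()` branch, what `hostnameVerifier` accepts is not visible here, so a comment stating what it does would help. `setReadTimeout` takes its value from `utils.getSocketOpenTimeout()`; please confirm that is the intended source for the read timeout.
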
Great idea, makes a lot of sense :)
One area which is a bit unclear is what should happen when someone sets
trustAllCerts=true but also sets a docker ca cert path. You can either set up a
trustmanager with the docker ca cert and ignore trustAllCerts or ignore the
docker ca cert and trust all certs.
I have a feeling if someone sets trustAllCerts they know what they're doing and
that's a 'stronger statement' so in that case all else should be ignored (e.g.
docker cacert, etc).
---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/188/files#r35084190