> + client.setConnectTimeout(utils.getConnectionTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setReadTimeout(utils.getSocketOpenTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setFollowRedirects(false);
> + ConnectionSpec tlsSpec = new
> ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> + .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1,
> TlsVersion.TLS_1_2)
> + .build();
> + ConnectionSpec cleartextSpec = new
> ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT)
> + .build();
> + client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
> +
> client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory());
> +
> + if (utils.relaxHostname()) {
> + client.setHostnameVerifier(hostnameVerifier);
> + }
> + return client;
> + }
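
Review bot: The `.tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)` call on `tlsSpec` explicitly enables TLS 1.0 and 1.1 for this client. Consider restricting it to `TlsVersion.TLS_1_2`, or making the older versions opt-in through configuration, and add a comment saying why they are needed if they must stay. Separately, the `utils.relaxHostname()` branch installs `hostnameVerifier` without the hunk showing which verifier that is. A short comment there stating what it accepts, and that it is applied only when the option is set, would make the relaxed path easier to audit.
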
The reason we need the custom untrusted SSL context is to add the docker client
key and certificate for client authentication (as docker uses mutual SSL). So
even if we trust all certificates via a trustmanager, we still need to have the
keys in the keymanager when initializing the SSL context.
---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/188/files#r35098684