jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Csaba Palfi <notificati...@github.com>
Subject Re: [jclouds-labs] Upgrade to docker 1.7 (#188)
Date Tue, 21 Jul 2015 09:22:43 GMT
> +         client.setConnectTimeout(utils.getConnectionTimeout(), TimeUnit.MILLISECONDS);
> +         client.setReadTimeout(utils.getSocketOpenTimeout(), TimeUnit.MILLISECONDS);
> +         client.setFollowRedirects(false);
> +         ConnectionSpec tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> +                 .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
> +                 .build();
> +         ConnectionSpec cleartextSpec = new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT)
> +                 .build();
> +         client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
> +         client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory());
> +
> +         if (utils.relaxHostname()) {
> +            client.setHostnameVerifier(hostnameVerifier);
> +         }
> +         return client;
> +      }

Great idea, makes a lot of sense :)

One area which is a bit unclear is what should happen when someone sets trustAllCerts=true
but also sets a docker ca cert path. You can either setup a trustmanager with the docker ca
cert and ignore trustAllCerts or ignore the docker ca cert and trust all certs.

I have a feeling if someone sets trustAllCerts they know what they're doing and that's a 'stronger
statement' so in that case all else should be ignored (e.g docker cacert, etc).

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/188/files#r35084190
Mime
View raw message