jclouds-notifications mailing list archives

From Csaba Palfi <notificati...@github.com>
Subject Re: [jclouds-labs] Upgrade to docker 1.7 (#188)
Date Tue, 21 Jul 2015 13:03:47 GMT
> +         client.setConnectTimeout(utils.getConnectionTimeout(), TimeUnit.MILLISECONDS);
> +         client.setReadTimeout(utils.getSocketOpenTimeout(), TimeUnit.MILLISECONDS);
> +         client.setFollowRedirects(false);
> +         ConnectionSpec tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> +                 .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
> +                 .build();
> +         ConnectionSpec cleartextSpec = new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT)
> +                 .build();
> +         client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
> +         client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory());
> +
> +         if (utils.relaxHostname()) {
> +            client.setHostnameVerifier(hostnameVerifier);
> +         }
> +         return client;
> +      }
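
Review bot: `client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory())` is applied unconditionally, while the hostname verifier is only replaced when `utils.relaxHostname()` is set, and nothing in this hunk shows which trust managers that context carries. If the supplier's context relaxes certificate validation, gate that on an explicit setting the same way, so that adding the client key does not also disable server verification, and add a comment here stating what the context trusts. Separately, `tlsSpec` lists `TlsVersion.TLS_1_0` and `TlsVersion.TLS_1_1` explicitly; note in a comment why the older versions are needed, or restrict the list to `TlsVersion.TLS_1_2`.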

The reason we need the custom untrusted SSL context is to add the docker client key and certificate
for client authentication (as docker uses mutual SSL). So even if we trust all certificates
via a trustmanager, we still need to have the keys in the keymanager when initializing the
SSL context.

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/188/files#r35098684
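
The separation described in the message above, where the client key and certificate go into the key manager independently of what the trust manager accepts, as an added example that is not jclouds code: it builds an `SSLContext` for a mutual-TLS Docker endpoint and validates the daemon against its CA rather than trusting all certificates. The PKCS#12 bundle holding the client key and certificate, the CA file, the class name and the `CLIENT_P12_PASSWORD` variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class DockerMutualTls {
    // Client identity: private key + certificate presented to the daemon.
    static KeyManagerFactory clientIdentity(String p12Path, char[] password) throws Exception {
        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            keys.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, password);
        return kmf;
    }

    // Server trust: accept only chains that end at the daemon's CA certificate.
    static TrustManagerFactory daemonTrust(String caPemPath) throws Exception {
        Certificate ca;
        try (InputStream in = new FileInputStream(caPemPath)) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trusted = KeyStore.getInstance(KeyStore.getDefaultType());
        trusted.load(null, null); // start from an empty in-memory store
        trusted.setCertificateEntry("docker-ca", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        return tmf;
    }

    static SSLContext mutualTlsContext(String p12Path, char[] password, String caPemPath) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Independent inputs: key managers answer the server's certificate request,
        // trust managers validate the server's chain.
        ctx.init(clientIdentity(p12Path, password).getKeyManagers(),
                 daemonTrust(caPemPath).getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <client.p12> <ca.pem>; password read from a hypothetical env variable
        char[] password = System.getenv("CLIENT_P12_PASSWORD").toCharArray();
        SSLContext ctx = mutualTlsContext(args[0], password, args[1]);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```

The socket factory from `ctx.getSocketFactory()` can then be handed to the HTTP client in place of one built on a trust-all trust manager.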