Fix for problems found by @dguerri

* TLSConfig['verify'] has to be set to False if we're only encrypting the connection, not verifying the host. * tls_hostname was not set if tls_ca_cert was not present https://github.com/ansible/ansible-modules-core/pull/926#issuecomment-78573877
10 years ago · 3a6cc86578
parent 1add8ed9e5
commit 3a6cc86578
1 changed files with 14 additions and 13 deletions
--- a/cloud/docker/docker.py
+++ b/cloud/docker/docker.py
@ -567,7 +567,6 @@ class DockerManager(object):
        if not tls_ca_cert and env_cert_path:
            tls_ca_cert = os.path.join(env_cert_path, 'ca.pem')

-        if tls_ca_cert:
        tls_hostname = module.params.get('tls_hostname')
        if tls_hostname is None:
            if env_docker_hostname:
@ -610,8 +609,10 @@ class DockerManager(object):
                else:
                    params['verify'] = True
                    params['assert_hostname'] = tls_hostname
+            elif use_tls == 'encrpyt':
+                params['verify'] = False

-            if params or use_tls == 'encrypt':
+            if params:
                # See https://github.com/docker/docker-py/blob/d39da11/docker/utils/utils.py#L279-L296
                docker_url = docker_url.replace('tcp://', 'https://')
                tls_config = docker.tls.TLSConfig(**params)