/usr/lib/python2.7/dist-packages/docker/tls.py is in python-docker 0.5.3-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | import os
from . import errors
from .ssladapter import ssladapter
class TLSConfig(object):
cert = None
verify = None
ssl_version = None
def __init__(self, client_cert=None, ca_cert=None, verify=None,
ssl_version=None, assert_hostname=None):
# Argument compatibility/mapping with
# http://docs.docker.com/examples/https/
# This diverges from the Docker CLI in that users can specify 'tls'
# here, but also disable any public/default CA pool verification by
# leaving tls_verify=False
# urllib3 sets a default ssl_version if ssl_version is None
# http://tinyurl.com/kxga8hb
self.ssl_version = ssl_version
self.assert_hostname = assert_hostname
# "tls" and "tls_verify" must have both or neither cert/key files
# In either case, Alert the user when both are expected, but any are
# missing.
if client_cert:
try:
tls_cert, tls_key = client_cert
except ValueError:
raise errors.TLSParameterError(
'client_config must be a tuple of'
' (client certificate, key file)'
)
if not (tls_cert and tls_key) or (not os.path.isfile(tls_cert) or
not os.path.isfile(tls_key)):
raise errors.TLSParameterError(
'Path to a certificate and key files must be provided'
' through the client_config param'
)
self.cert = (tls_cert, tls_key)
# Either set verify to True (public/default CA checks) or to the
# path of a CA Cert file.
if verify is not None:
if not ca_cert:
self.verify = verify
elif os.path.isfile(ca_cert):
if not verify:
raise errors.TLSParameterError(
'verify can not be False when a CA cert is'
' provided.'
)
self.verify = ca_cert
else:
raise errors.TLSParameterError(
'Invalid CA certificate provided for `tls_ca_cert`.'
)
def configure_client(self, client):
client.ssl_version = self.ssl_version
if self.verify is not None:
client.verify = self.verify
if self.cert:
client.cert = self.cert
client.mount('https://', ssladapter.SSLAdapter(
ssl_version=self.ssl_version,
assert_hostname=self.assert_hostname,
))
|