Merge pull request #2352 from johanneswuerbach/patch-6

fix(tests): Allow TLS

Author: Matthew Fisher

tests/dockercli/dockercli.go

@@ -4,12 +4,15 @@ package dockercli
 
 import (
 	"bufio"
+	"crypto/tls"
+	"log"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
+	"path/filepath"
 	"strings"
 	"testing"
 	"time"
@@ -18,6 +21,11 @@ import (
 	"github.com/docker/docker/api/client"
 )
 
+const (
+	defaultKeyFile      = "key.pem"
+	defaultCertFile     = "cert.pem"
+)
+
 // CloseWrap ensures that an io.Writer is closed.
 func CloseWrap(args ...io.Closer) error {
 	e := false
@@ -88,7 +96,33 @@ func NewClient() (
 	cli *client.DockerCli, stdout *io.PipeReader, stdoutPipe *io.PipeWriter) {
 	proto, addr, _ := DockerHost()
 	stdout, stdoutPipe = io.Pipe()
-	cli = client.NewDockerCli(nil, stdoutPipe, nil, nil, proto, addr, nil)
+
+	dockerCertPath := os.Getenv("DOCKER_CERT_PATH")
+	// Boot2docker use TLS per default, Jenkins not
+	if dockerCertPath != "" {
+		var (
+			tlsConfig tls.Config
+		)
+		tlsConfig.InsecureSkipVerify = true
+
+		flCert := filepath.Join(dockerCertPath, defaultCertFile)
+		flKey := filepath.Join(dockerCertPath, defaultKeyFile)
+
+		_, errCert := os.Stat(flCert)
+		_, errKey := os.Stat(flKey)
+		if errCert == nil && errKey == nil {
+			cert, err := tls.LoadX509KeyPair(flCert, flKey)
+			if err != nil {
+				log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
+			}
+			tlsConfig.Certificates = []tls.Certificate{cert}
+		}
+		// Avoid fallback to SSL protocols < TLS1.0
+		tlsConfig.MinVersion = tls.VersionTLS10
+		cli = client.NewDockerCli(nil, stdoutPipe, nil, nil, proto, addr, &tlsConfig)
+	} else {
+		cli = client.NewDockerCli(nil, stdoutPipe, nil, nil, proto, addr, nil)
+	}
 	return
 }