From 0ca553e5976acd49f2b9177755e1b2c685c19e48 Mon Sep 17 00:00:00 2001 From: rsdy Date: Wed, 9 Jan 2019 02:24:14 +0000 Subject: Make TLS/openssl an optional dependency (#130) --- src/lib.rs | 100 ++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 60 insertions(+), 40 deletions(-) (limited to 'src/lib.rs') diff --git a/src/lib.rs b/src/lib.rs index 7fb7dcb..020699b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -47,10 +47,12 @@ use crate::{ }; use futures::{future::Either, Future, IntoFuture, Stream}; use hyper::{client::HttpConnector, Body, Client, Method, Uri}; +#[cfg(feature = "tls")] use hyper_openssl::HttpsConnector; #[cfg(feature = "unix-socket")] use hyperlocal::UnixConnector; use mime::Mime; +#[cfg(feature = "tls")] use openssl::ssl::{SslConnector, SslFiletype, SslMethod}; use serde_json::Value; use std::{borrow::Cow, env, path::Path, time::Duration}; @@ -742,7 +744,63 @@ impl<'a, 'b> Volume<'a, 'b> { } } -// https://docs.docker.com/reference/api/ +fn get_http_connector() -> HttpConnector { + let mut http = HttpConnector::new(1); + http.enforce_http(false); + + http +} + +#[cfg(feature = "tls")] +fn get_docker_for_tcp(tcp_host_str: String) -> Docker { + let http = get_http_connector(); + if let Ok(ref certs) = env::var("DOCKER_CERT_PATH") { + // fixme: don't unwrap before you know what's in the box + // https://github.com/hyperium/hyper/blob/master/src/net.rs#L427-L428 + let mut connector = SslConnector::builder(SslMethod::tls()).unwrap(); + connector.set_cipher_list("DEFAULT").unwrap(); + let cert = &format!("{}/cert.pem", certs); + let key = &format!("{}/key.pem", certs); + connector + .set_certificate_file(&Path::new(cert), SslFiletype::PEM) + .unwrap(); + connector + .set_private_key_file(&Path::new(key), SslFiletype::PEM) + .unwrap(); + if env::var("DOCKER_TLS_VERIFY").is_ok() { + let ca = &format!("{}/ca.pem", certs); + connector.set_ca_file(&Path::new(ca)).unwrap(); + } + + Docker { + transport: Transport::EncryptedTcp { + client: Client::builder() + .build(HttpsConnector::with_connector(http, connector).unwrap()), + host: tcp_host_str, + }, + } + } else { + Docker { + transport: Transport::Tcp { + client: Client::builder().build(http), + host: tcp_host_str, + }, + } + } +} + +#[cfg(not(feature = "tls"))] +fn get_docker_for_tcp(tcp_host_str: String) -> Docker { + let http = get_http_connector(); + Docker { + transport: Transport::Tcp { + client: Client::builder().build(http), + host: tcp_host_str, + }, + } +} + +// https://docs.docker.com/reference/api/docker_remote_api_v1.17/ impl Docker { /// constructs a new Docker instance for a docker host listening at a url specified by an env var `DOCKER_HOST`, /// falling back on unix:///var/run/docker.sock @@ -795,45 +853,7 @@ impl Docker { #[cfg(not(feature = "unix-socket"))] Some("unix") => panic!("Unix socket support is disabled"), - _ => { - let mut http = HttpConnector::new(1); - // Required to support DOCKER_HOST variables of the form `tcp://127.0.0.1:2375`. - http.enforce_http(false); - - if let Ok(ref certs) = env::var("DOCKER_CERT_PATH") { - // fixme: don't unwrap before you know what's in the box - // https://github.com/hyperium/hyper/blob/master/src/net.rs#L427-L428 - let mut connector = SslConnector::builder(SslMethod::tls()).unwrap(); - connector.set_cipher_list("DEFAULT").unwrap(); - let cert = &format!("{}/cert.pem", certs); - let key = &format!("{}/key.pem", certs); - connector - .set_certificate_file(&Path::new(cert), SslFiletype::PEM) - .unwrap(); - connector - .set_private_key_file(&Path::new(key), SslFiletype::PEM) - .unwrap(); - if env::var("DOCKER_TLS_VERIFY").is_ok() { - let ca = &format!("{}/ca.pem", certs); - connector.set_ca_file(&Path::new(ca)).unwrap(); - } - - Docker { - transport: Transport::EncryptedTcp { - client: Client::builder() - .build(HttpsConnector::with_connector(http, connector).unwrap()), - host: tcp_host_str, - }, - } - } else { - Docker { - transport: Transport::Tcp { - client: Client::builder().build(http), - host: tcp_host_str, - }, - } - } - } + _ => get_docker_for_tcp(tcp_host_str), } } -- cgit v1.2.3