From c239d66d5d261f0f956925705c679fffb61bdb05 Mon Sep 17 00:00:00 2001
From: Hakan Ardo <hakan@debian.org>
Date: Wed, 3 Mar 2021 09:27:21 +0100
Subject: Verify TLS keys loaded from docker contexts

This maches the behaviour of the docker cli when using contexts.

Signed-off-by: Hakan Ardo <hakan@debian.org>
---
 docker/context/context.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'docker')

diff --git a/docker/context/context.py b/docker/context/context.py
index 2413b2e..b1cacf9 100644
--- a/docker/context/context.py
+++ b/docker/context/context.py
@@ -127,8 +127,12 @@ class Context:
                 elif filename.startswith("key"):
                     key = os.path.join(tls_dir, endpoint, filename)
             if all([ca_cert, cert, key]):
+                verify = None
+                if endpoint == "docker":
+                    if not self.endpoints["docker"].get("SkipTLSVerify", False):
+                        verify = True
                 certs[endpoint] = TLSConfig(
-                    client_cert=(cert, key), ca_cert=ca_cert)
+                    client_cert=(cert, key), ca_cert=ca_cert, verify=verify)
         self.tls_cfg = certs
         self.tls_path = tls_dir
 
-- 
cgit v1.2.1