|
@@ -2687,3 +2687,28 @@ func TestContainerNetworkMode(t *testing.T) {
|
|
|
|
|
|
logDone("run - container shared network namespace")
|
|
|
}
|
|
|
+
|
|
|
+func TestRunTLSverify(t *testing.T) {
|
|
|
+ cmd := exec.Command(dockerBinary, "ps")
|
|
|
+ out, ec, err := runCommandWithOutput(cmd)
|
|
|
+ if err != nil || ec != 0 {
|
|
|
+ t.Fatalf("Should have worked: %v:\n%v", err, out)
|
|
|
+ }
|
|
|
+
|
|
|
+ // Regardless of whether we specify true or false we need to
|
|
|
+ // test to make sure tls is turned on if --tlsverify is specified at all
|
|
|
+
|
|
|
+ cmd = exec.Command(dockerBinary, "--tlsverify=false", "ps")
|
|
|
+ out, ec, err = runCommandWithOutput(cmd)
|
|
|
+ if err == nil || ec == 0 || !strings.Contains(out, "trying to connect") {
|
|
|
+ t.Fatalf("Should have failed: \nec:%v\nout:%v\nerr:%v", ec, out, err)
|
|
|
+ }
|
|
|
+
|
|
|
+ cmd = exec.Command(dockerBinary, "--tlsverify=true", "ps")
|
|
|
+ out, ec, err = runCommandWithOutput(cmd)
|
|
|
+ if err == nil || ec == 0 || !strings.Contains(out, "cert") {
|
|
|
+ t.Fatalf("Should have failed: \nec:%v\nout:%v\nerr:%v", ec, out, err)
|
|
|
+ }
|
|
|
+
|
|
|
+ logDone("run - verify tls is set for --tlsverify")
|
|
|
+}
|