From db1d5f7ea37c2a3b0bedc9dbcbf5bd3b32258219 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 13 Jan 2016 20:18:06 -0500 Subject: [PATCH] Add test to verify that response hijacking always works over TLS. Signed-off-by: David Calavera --- integration-cli/docker_cli_daemon_test.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go index 190480f235..2fa39dae46 100644 --- a/integration-cli/docker_cli_daemon_test.go +++ b/integration-cli/docker_cli_daemon_test.go @@ -1439,6 +1439,29 @@ func (s *DockerDaemonSuite) TestHttpsInfo(c *check.C) { } } +// TestHttpsRun connects via two-way authenticated HTTPS to the create, attach, start, and wait endpoints. +// https://github.com/docker/docker/issues/19280 +func (s *DockerDaemonSuite) TestHttpsRun(c *check.C) { + const ( + testDaemonHTTPSAddr = "tcp://localhost:4271" + ) + + if err := s.d.StartWithBusybox("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem", + "--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHTTPSAddr); err != nil { + c.Fatalf("Could not start daemon with busybox: %v", err) + } + + daemonArgs := []string{"--host", testDaemonHTTPSAddr, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"} + out, err := s.d.CmdWithArgs(daemonArgs, "run", "busybox", "echo", "TLS response") + if err != nil { + c.Fatalf("Error Occurred: %s and output: %s", err, out) + } + + if !strings.Contains(out, "TLS response") { + c.Fatalf("expected output to include `TLS response`, got %v", out) + } +} + // TestTlsVerify verifies that --tlsverify=false turns on tls func (s *DockerDaemonSuite) TestTlsVerify(c *check.C) { out, err := exec.Command(dockerBinary, "daemon", "--tlsverify=false").CombinedOutput()