bhurlow

Reputation: 2059

Clojure: Connecting to a TLS-enabled Docker daemon using aleph

I'm trying to connect to a mutually authenticated Docker daemon using aleph. The aleph docs show that you can pass in a netty SSL context for auth purposes. It seems like I'm creating the SslContext correctly, but all requests are closed.

(require '[aleph.http :as http])
(import '[io.netty.handler.ssl SslContext])
(import '[io.netty.handler.ssl SslProvider]) 
(import '[io.netty.handler.ssl SslContextBuilder])

(def ctx
  (doto (SslContextBuilder/forClient)
        (.keyManager (java.io.File. "certs/cert.pem") 
                     (java.io.File. "certs/client.pkcs8"))
        (.trustManager (java.io.File. "certs/ca.pem"))
        (.build)))

(let [pool (http/connection-pool {:connection-options {:ssl-context ctx}})]
  @(http/get (str "http://" host ":" port "/info") {:pool pool}))

results in: "ExceptionInfo connection was closed clojure.core/ex-info (core.clj:4617)"

Has anyone found a good way to connect using TLS? I have tried https://github.com/aphyr/less-awful-ssl but that doesn't quite work with netty. Help, thanks!

Upvotes: 1

Views: 333

Answers (1)

bhurlow

Reputation: 2059

Found out I was creating the SslContext object wrong. Should be like:

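;; aleph.http and SslContextBuilder are required/imported as in the question;
;; bs is the byte-streams alias used below
(require '[byte-streams :as bs])

;; PEM files, using the paths from the question
(def ca (java.io.File. "certs/ca.pem"))
(def cert (java.io.File. "certs/cert.pem"))
(def client-key (java.io.File. "certs/client.pkcs8"))

;; nest the calls so ctx is the value returned by .build
(def ctx
 (.build
  (.keyManager
   (.trustManager (SslContextBuilder/forClient) ca)
   cert client-key)))

;; pass in ssl-context via pool
(let [pool (http/connection-pool {:connection-options {:ssl-context ctx}})]
  (-> @(http/get (str "https://" host ":" port "/info") {:pool pool})
      :body
      bs/to-string))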

Upvotes: 0
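
An added example, not part of the original question or answer: it shows why the question's `doto` form leaves `ctx` bound to the builder rather than an SslContext, and adds a guard that fails early on that mistake. The helper name `client-ssl-context` is hypothetical, and netty is assumed to be on the classpath.

```clojure
(import '[io.netty.handler.ssl SslContext SslContextBuilder]
        '[java.io File])

;; doto evaluates each form for its side effect and returns its FIRST
;; argument, so this value is the builder; the result of .build is dropped.
(def via-doto
  (doto (SslContextBuilder/forClient)
    (.build)))

;; -> threads each return value into the next call, so this value is
;; whatever .build returned.
(def via-thread
  (-> (SslContextBuilder/forClient)
      (.build)))

(assert (instance? SslContextBuilder via-doto))
(assert (not (instance? SslContext via-doto)))
(assert (instance? SslContext via-thread))

;; Hypothetical helper: build a mutual-TLS client context and fail early
;; if a file is unreadable or the result is not an SslContext.
(defn client-ssl-context
  [ca-path cert-path key-path]
  (doseq [p [ca-path cert-path key-path]]
    (when-not (.canRead (File. ^String p))
      (throw (ex-info "TLS material not readable" {:path p}))))
  (let [ctx (-> (SslContextBuilder/forClient)
                ;; CA used to verify the daemon's certificate
                (.trustManager (File. ^String ca-path))
                ;; client certificate chain and PKCS#8 private key
                (.keyManager (File. ^String cert-path)
                             (File. ^String key-path))
                (.build))]
    (assert (instance? SslContext ctx) "expected an SslContext")
    ctx))

;; Paths are the ones used in the question.
(comment
  (client-ssl-context "certs/ca.pem" "certs/cert.pem" "certs/client.pkcs8"))
```

The answer's request also uses an https:// URL where the question's used http://.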
