
Specifying --tls no longer overrides all other TLS options
Add an option to skip hostname verification

Signed-off-by: Joffrey F <[email protected]>

Joffrey F há 9 anos atrás
pai
commit
26f3861791
2 ficheiros alterados com 9 adições e 3 exclusões
  1. 6 3
      compose/cli/docker_client.py
  2. 3 0
      compose/cli/main.py

+ 6 - 3
compose/cli/docker_client.py

@@ -22,14 +22,17 @@ def tls_config_from_options(options):
     key = options.get('--tlskey')
     verify = options.get('--tlsverify')
 
-    if tls is True:
+    advanced_opts = any([ca_cert, cert, key, verify])
+
+    if tls is True and not advanced_opts:
         return True
-    elif any([ca_cert, cert, key, verify]):
+    elif advanced_opts:
         client_cert = None
         if cert or key:
             client_cert = (cert, key)
         return TLSConfig(
-            client_cert=client_cert, verify=verify, ca_cert=ca_cert
+            client_cert=client_cert, verify=verify, ca_cert=ca_cert,
+            assert_hostname=options.get('--skip-hostname-check')
         )
     else:
         return None
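Review bot: In the `TLSConfig(...)` call, `assert_hostname=options.get('--skip-hostname-check')` passes the flag's value straight through, which looks inverted. Assuming docopt yields `False` for an absent flag and `TLSConfig` treats `assert_hostname=False` as "do not match the hostname", hostname verification is switched off whenever the user does not pass `--skip-hostname-check`, and passing it sends `True` instead of disabling the check. The line should read `assert_hostname=False if options.get('--skip-hostname-check') else None`, so the default stays "verify". Note also that `--skip-hostname-check` is not part of `advanced_opts`, so with plain `--tls` it is silently ignored. The start of `tls_config_from_options` lies outside the hunk, so the origin of `tls`, `ca_cert` and `cert` is not visible here.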

+ 3 - 0
compose/cli/main.py

@@ -156,6 +156,9 @@ class TopLevelCommand(object):
       --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
       --tlskey TLS_KEY_PATH       Path to TLS key file
       --tlsverify                 Use TLS and verify the remote
+      --skip-hostname-check       Don't check the daemon's hostname against the name specified
+                                  in the client certificate (for example if your docker host
+                                  is an IP address)
 
     Commands:
       build              Build or rebuild services
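Review bot: The new help text for `--skip-hostname-check` says the daemon's hostname is checked against the name in the client certificate, but hostname verification compares it with the names in the certificate the daemon presents. I would word it as `Don't check the daemon's hostname against the name specified in the server certificate`. The text could also state that the option weakens `--tlsverify`: with it, a certificate signed by the trusted CA is accepted whichever host presents it. The usage docstring begins and continues outside this hunk.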