From 9ba0ddf267f853afe37441da7798987e199817dd Mon Sep 17 00:00:00 2001
From: Aanand Prasad
Date: Tue, 23 Feb 2016 14:29:52 -0800
Subject: [PATCH] Fix TLS regressions
- Set `verify` to the CA cert path if one has been specified, rather than `True`
- Don't set `assert_fingerprint`
Signed-off-by: Aanand Prasad
---
 docker/tls.py | 9 +++++++--
 docker/utils/utils.py | 2 +-
 tests/unit/utils_test.py | 4 +---
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/docker/tls.py b/docker/tls.py
index 01573a622..83b0ff7ef 100644
--- a/docker/tls.py
+++ b/docker/tls.py
@@ -54,10 +54,15 @@ def __init__(self, client_cert=None, ca_cert=None, verify=None,
 def configure_client(self, client):
 client.ssl_version = self.ssl_version
- client.verify = self.verify
- client.ca_cert = self.ca_cert
+
+ if self.verify and self.ca_cert:
+ client.verify = self.ca_cert
+ else:
+ client.verify = self.verify
+
 if self.cert:
 client.cert = self.cert
+
 client.mount('https://', ssladapter.SSLAdapter(
 ssl_version=self.ssl_version,
 assert_hostname=self.assert_hostname,
diff --git a/docker/utils/utils.py b/docker/utils/utils.py
index 61e5a8dc9..6fcf037a6 100644
--- a/docker/utils/utils.py
+++ b/docker/utils/utils.py
@@ -489,7 +489,7 @@ def kwargs_from_env(ssl_version=None, assert_hostname=None):
 verify=tls_verify,
 ssl_version=ssl_version,
 assert_hostname=assert_hostname,
- assert_fingerprint=tls_verify)
+ )
 return params
diff --git a/tests/unit/utils_test.py b/tests/unit/utils_test.py
index a0a96bbe0..87796d117 100644
--- a/tests/unit/utils_test.py
+++ b/tests/unit/utils_test.py
@@ -194,7 +194,7 @@ def test_kwargs_from_env_tls(self):
 try:
 client = Client(**kwargs)
 self.assertEqual(kwargs['base_url'], client.base_url)
- self.assertEqual(kwargs['tls'].verify, client.verify)
+ self.assertEqual(kwargs['tls'].ca_cert, client.verify)
 self.assertEqual(kwargs['tls'].cert, client.cert)
 except TypeError as e:
 self.fail(e)
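Review bot: In `configure_client` in docker/tls.py, the new `else` branch passes a falsy `self.verify` straight to `client.verify` (the `__init__` signature in the hunk header defaults it to `None`), and requests treats a falsy `verify` as "do not validate the server certificate". With `client.ca_cert` no longer assigned, a `TLSConfig` given a `ca_cert` but not `verify=True` silently ignores the CA path and connects without certificate validation. Unless `__init__` (outside this hunk) already rejects that combination, I would say so at the branch, e.g. `# verify is falsy: ca_cert is ignored and the server certificate is NOT validated`, or emit a warning when `self.ca_cert` is set and `self.verify` is not. The body of `configure_client` continues past the end of the hunk.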
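Review bot: The updated assertion in `test_kwargs_from_env_tls` covers only the branch where both `verify` and a CA cert are set, so the `else` branch of `configure_client` has no check on the client side. The two `verify_false` tests later in this file (the hunks at 213 and 238) lose their `ca_cert` assertion and still assert only `kwargs['tls'].verify`, so nothing pins what the `Client` itself ends up with. I would add `self.assertFalse(client.verify)` to both. The second fix in the commit message is also untested here; if `TLSConfig` exposes the attribute, an assertion that `assert_fingerprint` is no longer populated by `kwargs_from_env` would cover it. All three test bodies start outside their hunks.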
@@ -213,7 +213,6 @@ def test_kwargs_from_env_tls_verify_false(self):
 try:
 client = Client(**kwargs)
 self.assertEqual(kwargs['base_url'], client.base_url)
- self.assertEqual(kwargs['tls'].ca_cert, client.ca_cert)
 self.assertEqual(kwargs['tls'].cert, client.cert)
 self.assertFalse(kwargs['tls'].verify)
 except TypeError as e:
@@ -238,7 +237,6 @@ def test_kwargs_from_env_tls_verify_false_no_cert(self):
 try:
 client = Client(**kwargs)
 self.assertEqual(kwargs['base_url'], client.base_url)
- self.assertEqual(kwargs['tls'].ca_cert, client.ca_cert)
 self.assertEqual(kwargs['tls'].cert, client.cert)
 self.assertFalse(kwargs['tls'].verify)
 except TypeError as e: