TLS-Docker-Library
Build Docker images
First steps
- Set up the environment
  ./setup.sh
- Build the docker images
  - To build every available docker image, or every docker image of a specific TLS library, use the build-everything.py script (requires python >=3.7)
    # use --help to see the available options
    images/build-everything.py
  - To build only specific TLS libraries, use the build.sh scripts inside the subfolders of images/.
Inspect container content
docker build --squash -t <image name> .
#without squash there are multiple layer.tar files
docker image save <image name> | tar x --wildcards -O "*/layer.tar" | tar t
Get Shell in intermediary container to get runtime dependencies
docker run --rm -it --cap-add SYS_PTRACE <intermediary image name> /bin/sh
## ls, ldd, strace, ...
With build arguments
docker build --build-arg VERSION=0.5 -t bearssl .
Execution
With certificate volume
docker run --rm -it -v cert-data:/cert/:ro,nocopy -p 127.0.0.42:<port on host>:<port of internal tls server> <image name> options...
With certificate directory
docker run --rm -it -v /path/to/dir/:/cert/:ro,nocopy -p 127.0.0.42:<port on host>:<port of internal tls server> <image name> options...
On host network stack
docker run --rm -it -v cert-data:/cert/:ro,nocopy --network=host <image name> options...
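Check the published ports
The -p examples above publish the TLS server on 127.0.0.42 only. The following is an added example, not part of the TLS-Docker-Library scripts: it reads the output of docker port <CONTAINER ID> and reports any mapping bound to a non-loopback address. The function names and sample lines are constructed for illustration. It does not cover --network=host, where the container shares the host's interfaces and -p mappings are not used.

```shell
#!/bin/sh
# Added example: flag published container ports reachable beyond loopback.
# Input: `docker port <CONTAINER ID>` output, one mapping per line, e.g.
#   4433/tcp -> 127.0.0.42:4433

# Print every mapping whose host address is not loopback (127.0.0.0/8, ::1).
non_loopback_bindings() {
    while IFS= read -r line; do
        case "$line" in
            *' -> '*) ;;          # looks like a port mapping, keep going
            *) continue ;;        # ignore blank or unrelated lines
        esac
        host=${line##* -> }       # 127.0.0.42:4433 or [::]:4433
        addr=${host%:*}           # drop the trailing :port
        case "$addr" in
            127.*|'[::1]'|::1) ;; # loopback only: nothing to report
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Return 0 when every mapping is loopback-only, 1 otherwise.
check_container_ports() {
    exposed=$(non_loopback_bindings)
    if [ -n "$exposed" ]; then
        printf 'exposed beyond loopback:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Constructed sample output (not captured from a real container).
SAMPLE_OK='4433/tcp -> 127.0.0.42:4433'
SAMPLE_BAD='4433/tcp -> 127.0.0.42:4433
4434/tcp -> 0.0.0.0:4434
4434/tcp -> [::]:4434'

# Real use:
#   docker port <CONTAINER ID> | check_container_ports
```

A non-zero exit status means at least one port was published without the 127.0.0.42 prefix and is bound on other host interfaces.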
Usage
Get the CONTAINER ID
docker ps
Get the IP-Address
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <CONTAINER ID>
Connect directly
openssl s_client -connect <ip>:<port>
Stop container
docker container kill <CONTAINER ID>
Cleaning / Removing unused images
Dangling images (layers that have no relationship to any tagged images)
docker images -f dangling=true
Images named <none>
docker rmi -f $(docker images | grep none | awk '{print $3}')
Images of sizes 100-999 MB
docker rmi -f $(docker images | grep -P "\d{3}MB" | awk '{print $3}')