From 313e5e83e92f68349d2026fc3f358f237fe93a4a Mon Sep 17 00:00:00 2001 From: baude Date: Mon, 16 Apr 2018 13:39:00 -0500 Subject: regression: tls verify should be set on registries.conf if insecure In the case where podman needs to pull an image, if that registry that the image resides on is known to be insesure (as defined in /etc/containers/registries.conf), tls-verify should be altered on the fly. Signed-off-by: baude Closes: #626 Approved by: mheon --- docs/podman-pull.1.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/podman-pull.1.md b/docs/podman-pull.1.md index 6f46fdf86..698314184 100644 --- a/docs/podman-pull.1.md +++ b/docs/podman-pull.1.md @@ -83,7 +83,9 @@ option be used, as the default behavior of using the system-wide default policy **--tls-verify** -Require HTTPS and verify certificates when contacting registries (default: true) +Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, +then tls verification will be used, If set to false then tls verification will not be used. If not specified +tls verification will be used unless the target registry is listed as an insecure registry in registries.conf. ## EXAMPLES -- cgit v1.2.3-54-g00ecf