From ee3e8dedb3b8f9d877d472f8fb88263dc3e23487 Mon Sep 17 00:00:00 2001
From: "Mr. Secure"
Date: Sat, 24 Sep 2016 19:42:39 -0500
Subject: [PATCH] Fixes #167 - use get_docker_cumulative_command_line_args to check TLS settings

Additionally, split warning into 2 parts: no TLS, TLS w/o verification
Signed-off-by: Mr. Secure
---
 tests/2_docker_daemon_configuration.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tests/2_docker_daemon_configuration.sh b/tests/2_docker_daemon_configuration.sh
index 3822b62..22795cf 100644
--- a/tests/2_docker_daemon_configuration.sh
+++ b/tests/2_docker_daemon_configuration.sh
@@ -52,19 +52,26 @@ fi
 check_2_6="2.6 - Configure TLS authentication for Docker daemon"
 get_docker_cumulative_command_line_args '-H' | grep -vE '(unix|fd)://' >/dev/null 2>&1
 if [ $? -eq 0 ]; then
- get_command_line_args docker | grep "tlsverify" | grep "tlskey" >/dev/null 2>&1
+ get_docker_cumulative_command_line_args '--tlskey' | grep 'tlskey=' >/dev/null 2>&1
 if [ $? -eq 0 ]; then
- pass "$check_2_6"
- info " * Docker daemon currently listening on TCP"
+ get_docker_cumulative_command_line_args '--tlsverify' | grep 'tlsverify' >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ pass "$check_2_6"
+ #pass " * Docker daemon currently listening on TCP with TLS and verification"
+ else
+ warn "$check_2_6"
+ warn " * Docker daemon currently listening on TCP with TLS, but no verification"
+ fi
 else
 warn "$check_2_6"
- warn " * Docker daemon currently listening on TCP without --tlsverify"
+ warn " * Docker daemon currently listening on TCP without TLS"
 fi
 else
 info "$check_2_6"
 info " * Docker daemon not listening on TCP"
 fi
+
 # 2.7
 check_2_7="2.7 - Set default ulimit as appropriate"
 get_docker_effective_command_line_args '--default-ulimit' | grep "default-ulimit" >/dev/null 2>&1
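Review bot: The added `grep 'tlsverify'` test matches any occurrence of the string, so a daemon started with verification explicitly disabled (`--tlsverify=false`) would still reach `pass "$check_2_6"`, and a false pass on this check is worse than a false warning. Assuming the helper prints the flag with its value, the explicit-off forms could be excluded, e.g. `get_docker_cumulative_command_line_args '--tlsverify' | grep 'tlsverify' | grep -vE 'tlsverify=(false|0)' >/dev/null 2>&1`. The `grep 'tlskey='` test above it appears to recognise only the `=` form, so a key passed as `--tlskey <path>` would be reported as "without TLS"; this depends on how `get_docker_cumulative_command_line_args` normalises its output, which is not visible in the hunk. The commented-out `#pass " * ... with TLS and verification"` line should either be dropped or emitted with `info`, as the removed code did for its detail line.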