[BUG] TLS context not working in 2.39.3. #13229
Description
Description
Is this a regression? The following works fine in every version I tested back to 2.36.2.
What I see when I build a trivial compose YAML with a TLS context is:
% docker compose build
[+] Building 0.0s (0/0)
error during connect: Head "https://192.168.100.2:2376/_ping": remote error: tls: certificate requiredThis works fine:
docker build -t my-image:latest -f Dockerfile .Steps To Reproduce
Dockerfile:
FROM alpine:latest
RUN apk add curlservices:
http-server:
container_name: http-server
image: python:slim
command: [ "python3", "-m", "http.server" ]
restart: always
ports:
- 127.0.0.1:8000:8000
http-client:
container_name: http-client
build:
context: .
dockerfile: Dockerfile
image: my-image:latest
command: [ "sleep", "3600" ]
restart: always
Compose Version
% docker compose version
Docker Compose version 2.39.3
% docker-compose version
Docker Compose version 2.39.3
Docker Environment
% docker info
Client: Docker Engine - Community
Version: 28.4.0
Context: test
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.28.0
Path: /opt/homebrew/lib/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: 2.39.3
Path: /opt/homebrew/lib/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 6
Server Version: 28.3.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
runc version: v1.1.12-0-g51d5e946
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.6.9
Operating System: Alpine Linux v3.22 (containerized)
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 23.44GiB
Name: docker
ID: 811b7624-2bbe-4a46-837e-e7c0b3346696
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Live Restore Enabled: false
Product License: Community Engine
WARNING: No cpuset support
Anything else?
% docker version
Client: Docker Engine - Community
Version: 28.4.0
API version: 1.51
Go version: go1.25.0
Git commit: d8eb465f86
Built: Wed Sep 3 20:52:20 2025
OS/Arch: darwin/arm64
Context: test
Server: Docker Engine - Community
Engine:
Version: 28.3.0
API version: 1.51 (minimum version 1.24)
Go version: go1.24.4
Git commit: 265f709
Built: Tue Jun 24 15:44:06 2025
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: v1.7.27
GitCommit: 05044ec0a9a75232cad458027ca83437aae3f4da
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e946
docker-init:
Version: 0.19.0
GitCommit: de40ad0% docker context inspect
[
{
"Name": "test",
"Metadata": {},
"Endpoints": {
"docker": {
"Host": "tcp://192.168.100.2:2376",
"SkipTLSVerify": false
}
},
"TLSMaterial": {
"docker": [
"ca.pem",
"cert.pem",
"key.pem"
]
},
"Storage": {
"MetadataPath": "/Users/john/.docker/contexts/meta/2df5712e1cf303a50fac51e4b2c0ac71884f746b20f206f9df2eb6375fde7270",
"TLSPath": "/Users/john/.docker/contexts/tls/2df5712e1cf303a50fac51e4b2c0ac71884f746b20f206f9df2eb6375fde7270"
}
}
]