Don't use TLS for socket connections

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Author: thaJeztah

cli/command/cli.go

@@ -284,7 +284,9 @@ func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.
 		return &client.Client{}, err
 	}
 	if helper == nil {
-		clientOpts = append(clientOpts, withHTTPClient(opts.TLSOptions))
+		if !dopts.IsSocket(host) {
+			clientOpts = append(clientOpts, withHTTPClient(opts.TLSOptions))
+		}
 		clientOpts = append(clientOpts, client.WithHost(host))
 	} else {
 		clientOpts = append(clientOpts, func(c *client.Client) error {

opts/hosts.go

@@ -84,6 +84,19 @@ func parseDockerDaemonHost(addr string) (string, error) {
 	}
 }
 
+// IsSocket checks if the given address is a Unix-socket (linux) or named pipe (Windows)
+func IsSocket(addr string) bool {
+	addrParts := strings.SplitN(addr, "://", 2)
+	if len(addrParts) == 1 && addrParts[0] != "" {
+		addrParts = []string{"tcp", addrParts[0]}
+	}
+	switch addrParts[0] {
+	case "unix", "npipe", "fd":
+		return true
+	}
+	return false
+}
+
 // parseSimpleProtoAddr parses and validates that the specified address is a valid
 // socket address for simple protocols like unix and npipe. It returns a formatted
 // socket address, either using the address parsed from addr, or the contents of