From f04730dc84abfddad270606c1559380b4851ffc5 Mon Sep 17 00:00:00 2001
From: Evan Anderson <evan.k.anderson@gmail.com>
Date: Wed, 28 Jul 2021 13:23:45 -0700
Subject: [PATCH] Make --insecure-registry work with TLS registries whose certs
 we can't verify. (#398)

* Make --insecure-registry work with TLS registries whose certs we can't verify.

* Don't error if we can't disable TLS checking when insecure.
---
 pkg/publish/options.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pkg/publish/options.go b/pkg/publish/options.go
index 8c95f397..ead9fd40 100644
--- a/pkg/publish/options.go
+++ b/pkg/publish/options.go
@@ -15,6 +15,7 @@
 package publish
 
 import (
+	"crypto/tls"
 	"log"
 	"net/http"
 	"path"
@@ -105,6 +106,17 @@ func WithTagOnly(tagOnly bool) Option {
 func Insecure(b bool) Option {
 	return func(i *defaultOpener) error {
 		i.insecure = b
+		t, ok := i.t.(*http.Transport)
+		if !ok {
+			return nil
+		}
+		t = t.Clone()
+		if t.TLSClientConfig == nil {
+			t.TLSClientConfig = &tls.Config{} //nolint: gosec
+		}
+		t.TLSClientConfig.InsecureSkipVerify = b //nolint: gosec
+		i.t = t
+
 		return nil
 	}
 }