Skip TLS verification for localhost

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
2021-03-01 18:12:19 +05:30 · 2021-03-01 18:12:19 +05:30 · 8014d9fee0
commit 8014d9fee0
parent 10bbd1a462
1 changed files with 18 additions and 4 deletions
--- a/pkg/cri/server/image_pull.go
+++ b/pkg/cri/server/image_pull.go
@ -337,6 +337,9 @@ func (c *criService) registryHosts(auth *runtime.AuthConfig) docker.RegistryHost
 				if err != nil {
 					return nil, errors.Wrapf(err, "get TLSConfig for registry %q", e)
 				}
 			} else if isLocalHost(host) && u.Scheme == "http" {
 				// Skipping TLS verification for localhost
 				transport.TLSClientConfig.InsecureSkipVerify = true
 			}
 			if auth == nil && config.Auth != nil {
@ -366,15 +369,26 @@ func (c *criService) registryHosts(auth *runtime.AuthConfig) docker.RegistryHost
 // defaultScheme returns the default scheme for a registry host.
 func defaultScheme(host string) string {
-	if h, _, err := net.SplitHostPort(host); err == nil {
+	if isLocalHost(host) {
 		host = h
 	}
 	if host == "localhost" || host == "127.0.0.1" || host == "::1" {
 		return "http"
 	}
 	return "https"
 }
 // isLocalHost checks if the registry host is local.
 func isLocalHost(host string) bool {
 	if h, _, err := net.SplitHostPort(host); err == nil {
 		host = h
 	}
 	if host == "localhost" {
 		return true
 	}
 	ip := net.ParseIP(host)
 	return ip.IsLoopback()
 }
 // addDefaultScheme returns the endpoint with default scheme
 func addDefaultScheme(endpoint string) (string, error) {
 	if strings.Contains(endpoint, "://") {