Fix configurations with no server provided

When a server is specified at the top level, there is a bug
that prevents the keys from being checked properly.
When no server is provided, the server attempts to parse
with an empty host, leaving partial values and a defaulted
skip verify configuration.

Signed-off-by: Derek McGowan <derek@mcg.dev>

remotes/docker/config/hosts.go

@@ -272,7 +272,7 @@ type hostFileConfig struct {
 	// TODO: Make this an array (two key types, one for pairs (multiple files), one for single file?)
 	Client toml.Primitive `toml:"client"`
 
-	SkipVerify bool `toml:"skip_verify"`
+	SkipVerify *bool `toml:"skip_verify"`
 
 	// API (default: "docker")
 	// API Version (default: "v2")
@@ -322,33 +322,32 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig
 	for i, server := range orderedHosts {
 		hostConfig := c.HostConfigs[server]
 
-		if !strings.HasPrefix(server, "http") {
+		if server != "" {
-			server = "https://" + server
+			if !strings.HasPrefix(server, "http") {
-		}
+				server = "https://" + server
-		u, err := url.Parse(server)
-		if err != nil {
-			return nil, errors.Errorf("unable to parse server %v", server)
-		}
-		hosts[i].scheme = u.Scheme
-		hosts[i].host = u.Host
-
-		// TODO: Handle path based on registry protocol
-		// Define a registry protocol type
-		//   OCI v1    - Always use given path as is
-		//   Docker v2 - Always ensure ends with /v2/
-		if len(u.Path) > 0 {
-			u.Path = path.Clean(u.Path)
-			if !strings.HasSuffix(u.Path, "/v2") {
-				u.Path = u.Path + "/v2"
 			}
-		} else {
+			u, err := url.Parse(server)
-			u.Path = "/v2"
+			if err != nil {
-		}
+				return nil, errors.Errorf("unable to parse server %v", server)
-		hosts[i].path = u.Path
+			}
+			hosts[i].scheme = u.Scheme
+			hosts[i].host = u.Host
 
-		if hosts[i].scheme == "https" {
+			// TODO: Handle path based on registry protocol
-			hosts[i].skipVerify = &hostConfig.SkipVerify
+			// Define a registry protocol type
+			//   OCI v1    - Always use given path as is
+			//   Docker v2 - Always ensure ends with /v2/
+			if len(u.Path) > 0 {
+				u.Path = path.Clean(u.Path)
+				if !strings.HasSuffix(u.Path, "/v2") {
+					u.Path = u.Path + "/v2"
+				}
+			} else {
+				u.Path = "/v2"
+			}
+			hosts[i].path = u.Path
 		}
+		hosts[i].skipVerify = hostConfig.SkipVerify
 
 		if len(hostConfig.Capabilities) > 0 {
 			for _, c := range hostConfig.Capabilities {
@@ -368,7 +367,7 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig
 		}
 
 		baseKey := []string{}
-		if server != "" {
+		if server != "" && server != c.Server {
 			baseKey = append(baseKey, "host", server)
 		}
 		caKey := append(baseKey, "ca")

remotes/docker/config/hosts_test.go

@@ -80,6 +80,7 @@ ca = "/etc/path/default"
 [host."https://mirror.registry"]
   capabilities = ["pull"]
   ca = "/etc/certs/mirror.pem"
+  skip_verify = false
 
 [host."https://mirror-bak.registry/us"]
   capabilities = ["pull"]
@@ -132,7 +133,6 @@ ca = "/etc/path/default"
 				{filepath.FromSlash("/etc/certs/client.cert"), filepath.FromSlash("/etc/certs/client.key")},
 				{filepath.FromSlash("/etc/certs/client.pem"), ""},
 			},
-			skipVerify: &fb,
 		},
 		{
 			scheme:       "https",
@@ -142,7 +142,6 @@ ca = "/etc/path/default"
 			clientPairs: [][2]string{
 				{filepath.FromSlash("/etc/certs/client.pem")},
 			},
-			skipVerify: &fb,
 		},
 		{
 			scheme:       "https",
@@ -153,14 +152,13 @@ ca = "/etc/path/default"
 				{filepath.FromSlash("/etc/certs/client-1.pem")},
 				{filepath.FromSlash("/etc/certs/client-2.pem")},
 			},
-			skipVerify: &fb,
 		},
 		{
 			scheme:       "https",
 			host:         "test-default.registry",
 			path:         "/v2",
 			capabilities: allCaps,
-			skipVerify:   &fb,
+			caCerts:      []string{filepath.FromSlash("/etc/path/default")},
 		},
 	}
 	hosts, err := parseHostsFile(ctx, "", []byte(testtoml))