From d441f35f09d0d8a253f4fbc4dc83f458a517b6df Mon Sep 17 00:00:00 2001
From: evanebb <78433178+evanebb@users.noreply.github.com>
Date: Sat, 26 Oct 2024 15:33:21 +0200
Subject: [PATCH] fix: enable TLS based on URL scheme for sync extension

Signed-off-by: evanebb <78433178+evanebb@users.noreply.github.com>
---
 pkg/extensions/sync/httpclient/client.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/extensions/sync/httpclient/client.go b/pkg/extensions/sync/httpclient/client.go
index ea248257f..37968cab7 100644
--- a/pkg/extensions/sync/httpclient/client.go
+++ b/pkg/extensions/sync/httpclient/client.go
@@ -115,9 +115,11 @@ func (httpClient *Client) SetConfig(config Config) error {
 
 	httpClient.url = clientURL
 
+	// we want TLS enabled if the upstream registry URL is an HTTPS URL
+	tlsEnabled := clientURL.Scheme == "https"
+
 	clientOpts := common.HTTPClientOptions{
-		// we want TLS enabled when verifyTLS is true.
-		TLSEnabled: config.TLSVerify,
+		TLSEnabled: tlsEnabled,
 		VerifyTLS:  config.TLSVerify,
 		Host:       clientURL.Host,
 	}