From 1f8f03ebc44a763a7686eda8cbf6341b9c057a6f Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Sat, 28 Nov 2020 10:45:59 +0800
Subject: [PATCH 11/17] verify peer if it's secure registry

we verify peer only when CA file is provided before,
now we verify peer if it's secure registry

Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
 src/daemon/modules/image/oci/registry/http_request.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index 60644ed5..fb44a7b6 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -118,7 +118,7 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
         }
     }
 
-    if (options->ca_file != NULL) {
+    if (!desc->insecure_registry) {
         options->ssl_verify_peer = true;
     }
 
-- 
2.25.1