From b09d3c39641e66160f588b66ac8c3b88cfd726a8 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 7 Dec 2020 16:26:42 +0800
Subject: [PATCH] verify peer only if CA configed

rollback ssl verify check condition because some system
do not have certs configed by default.

Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
 src/daemon/modules/image/oci/registry/http_request.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index fb44a7b6..60644ed5 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -118,7 +118,7 @@ static int setup_ssl_config(pull_descriptor *desc, struct http_get_options *opti
         }
     }
 
-    if (!desc->insecure_registry) {
+    if (options->ca_file != NULL) {
         options->ssl_verify_peer = true;
     }
 
-- 
2.25.1