From c2facc995892336bf9457d65d2bd22c850853f29 Mon Sep 17 00:00:00 2001
From: Evan <78433178+evanebb@users.noreply.github.com>
Date: Tue, 29 Oct 2024 08:40:24 +0100
Subject: [PATCH] fix: enable TLS based on URL scheme for sync extension
 (#2747)

Signed-off-by: evanebb <78433178+evanebb@users.noreply.github.com>
---
 pkg/extensions/sync/httpclient/client.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/extensions/sync/httpclient/client.go b/pkg/extensions/sync/httpclient/client.go
index ea248257..37968cab 100644
--- a/pkg/extensions/sync/httpclient/client.go
+++ b/pkg/extensions/sync/httpclient/client.go
@@ -115,9 +115,11 @@ func (httpClient *Client) SetConfig(config Config) error {
 
 	httpClient.url = clientURL
 
+	// we want TLS enabled if the upstream registry URL is an HTTPS URL
+	tlsEnabled := clientURL.Scheme == "https"
+
 	clientOpts := common.HTTPClientOptions{
-		// we want TLS enabled when verifyTLS is true.
-		TLSEnabled: config.TLSVerify,
+		TLSEnabled: tlsEnabled,
 		VerifyTLS:  config.TLSVerify,
 		Host:       clientURL.Host,
 	}