Apply skipping certification verification to authorization as well

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>

Author: ktock

pkg/imgutil/dockerconfigresolver/dockerconfigresolver.go

@@ -62,6 +62,11 @@ func New(refHostname string, optFuncs ...Opt) (remotes.Resolver, error) {
 		of(&o)
 	}
 	var authzOpts []docker.AuthorizerOpt
+	var insecureClient *http.Client
+	if o.skipVerifyCerts {
+		insecureClient = newInsecureClient()
+		authzOpts = append(authzOpts, docker.WithAuthClient(insecureClient))
+	}
 	if authCreds, err := NewAuthCreds(refHostname); err != nil {
 		return nil, err
 	} else {
@@ -77,15 +82,7 @@ func New(refHostname string, optFuncs ...Opt) (remotes.Resolver, error) {
 		docker.WithPlainHTTP(plainHTTPFunc),
 	}
 	if o.skipVerifyCerts {
-		tr := &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
-			},
-		}
-		client := &http.Client{
-			Transport: tr,
-		}
-		regOpts = append(regOpts, docker.WithClient(client))
+		regOpts = append(regOpts, docker.WithClient(insecureClient))
 	}
 	resovlerOpts := docker.ResolverOptions{
 		Hosts: docker.ConfigureDefaultRegistries(regOpts...),
@@ -94,6 +91,17 @@ func New(refHostname string, optFuncs ...Opt) (remotes.Resolver, error) {
 	return resolver, nil
 }
 
+func newInsecureClient() *http.Client {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	}
+	return &http.Client{
+		Transport: tr,
+	}
+}
+
 // AuthCreds is for docker.WithAuthCreds
 type AuthCreds func(string) (string, string, error)