From aa596f9d0cc97115db3c7f352098fcd3f07acc3e Mon Sep 17 00:00:00 2001
From: Abhinav Singh <126065+abhinavsingh@users.noreply.github.com>
Date: Tue, 13 Aug 2024 10:45:11 +0530
Subject: [PATCH] Option to not verify upstream ssl (#1459)

---
 proxy/http/client.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/proxy/http/client.py b/proxy/http/client.py
index d779f5c795..4945ff703c 100644
--- a/proxy/http/client.py
+++ b/proxy/http/client.py
@@ -33,8 +33,9 @@ def client(
 scheme: bytes = HTTPS_PROTO,
 timeout: float = DEFAULT_TIMEOUT,
 content_type: bytes = b'application/x-www-form-urlencoded',
+ verify: bool = True,
 ) -> Optional[HttpParser]:
- """Makes a request to remote registry endpoint"""
+ """HTTP Client"""
 request = build_http_request(
 method=method,
 url=path,
@@ -53,9 +54,10 @@ def client(
 sock: TcpOrTlsSocket = conn
 if scheme == HTTPS_PROTO:
 try:
- ctx = ssl.SSLContext(protocol=(ssl.PROTOCOL_TLS_CLIENT))
+ ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
 ctx.options |= DEFAULT_SSL_CONTEXT_OPTIONS
- ctx.verify_mode = ssl.CERT_REQUIRED
+ ctx.check_hostname = verify
+ ctx.verify_mode = ssl.CERT_NONE if not verify else ssl.CERT_REQUIRED
 ctx.load_default_certs()
 sock = ctx.wrap_socket(conn, server_hostname=host.decode())
 except Exception as exc:
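Review bot: The replacement docstring `"""HTTP Client"""` says nothing about the `verify` parameter added just above it, which is the one argument here with a security consequence. I would state what it controls, for example `"""Make an HTTP(S) request; verify=False disables certificate chain and hostname validation for the upstream connection."""`, so a caller reading the signature knows that passing `False` gives up server authentication. The signature of `client()` starts before this hunk and its body continues after it.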
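Review bot: The two added assignments on `ctx` are order-dependent and nothing in the code says so: Python's `ssl` raises `ValueError` when `verify_mode` is set to `CERT_NONE` while `check_hostname` is still true, so a later reorder would break the `verify=False` path. I would add `# check_hostname must be cleared first; ssl rejects CERT_NONE while it is enabled` above them and write the mode positively, `ctx.verify_mode = ssl.CERT_REQUIRED if verify else ssl.CERT_NONE`. With `verify=False` the peer is unauthenticated and whatever is sent over the socket is exposed to an on-path interceptor, so a log line where verification is switched off would make such calls auditable; whether a logger is in scope is not visible in this hunk. The `try` block and the rest of `client()` continue outside the hunk.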