From 5eb498646722d6976f90dd5c7cf49647dfa7af26 Mon Sep 17 00:00:00 2001
From: Tamal Saha
Date: Wed, 10 Jul 2024 18:28:47 -0700
Subject: [PATCH] Use InsecureSkipVerify, if IP address is used for baseURL host (#445)

Signed-off-by: Tamal Saha
---
 pkg/identity/b3.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go
index dd4e25c38..fca494e5a 100644
--- a/pkg/identity/b3.go
+++ b/pkg/identity/b3.go
@@ -20,7 +20,9 @@ import (
 "crypto/tls"
 "crypto/x509"
 "io"
+ "net"
 "net/http"
+ "net/url"
 "path"
 
 kmapi "kmodules.xyz/client-go/api/v1"
@@ -53,7 +55,18 @@ func NewClient(baseURL, token string, caCert []byte, kc client.Reader) (*Client,
 kc: kc,
 }
 if len(caCert) == 0 {
- c.client = http.DefaultClient
+ u, err := url.Parse(baseURL)
+ if err != nil {
+ return nil, err
+ }
+ // use InsecureSkipVerify, if IP address is used for baseURL host
+ if ip := net.ParseIP(u.Hostname()); ip != nil {
+ customTransport := http.DefaultTransport.(*http.Transport).Clone()
+ customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ c.client = &http.Client{Transport: customTransport}
+ } else {
+ c.client = http.DefaultClient
+ }
 } else {
 caCertPool := x509.NewCertPool()
 caCertPool.AppendCertsFromPEM(caCert)
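Review bot: In the second hunk, the new `net.ParseIP(u.Hostname())` branch sets `InsecureSkipVerify: true` implicitly, so any caller that passes an IP-literal baseURL without a caCert gets a client that accepts any server certificate, and whatever NewClient's `token` is used for would then go to an unauthenticated peer. Certificates can carry IP SANs, so an IP host does not by itself require disabling verification; I would fail closed here, e.g. `return nil, fmt.Errorf("caCert is required when baseURL host %q is an IP address", u.Hostname())` (assuming `fmt` is available in the file), or put the skip behind an explicit caller opt-in. If the branch stays, extend the comment to say what is lost: `// WARNING: no server certificate verification on this path; the connection can be intercepted`. NewClient's body begins and ends outside the hunk, so how the token is attached to requests is not visible here.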