From 9244361c17c6ca2958e4d74a9767f86395552123 Mon Sep 17 00:00:00 2001
From: Tamal Saha <tamal@appscode.com>
Date: Wed, 10 Jul 2024 18:32:12 -0700
Subject: [PATCH] Check for https scheme before using inscure tls

Signed-off-by: Tamal Saha <tamal@appscode.com>
---
 pkg/identity/b3.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go
index fca494e5a..06472293c 100644
--- a/pkg/identity/b3.go
+++ b/pkg/identity/b3.go
@@ -60,7 +60,7 @@ func NewClient(baseURL, token string, caCert []byte, kc client.Reader) (*Client,
 			return nil, err
 		}
 		// use InsecureSkipVerify, if IP address is used for baseURL host
-		if ip := net.ParseIP(u.Hostname()); ip != nil {
+		if ip := net.ParseIP(u.Hostname()); ip != nil && u.Scheme == "https" {
 			customTransport := http.DefaultTransport.(*http.Transport).Clone()
 			customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 			c.client = &http.Client{Transport: customTransport}