From 2889a45502a03604e348b24874478c0ebe8afb14 Mon Sep 17 00:00:00 2001
From: xinyanw409 <wxinyan@vmware.com>
Date: Mon, 6 Feb 2023 15:54:16 -0800
Subject: [PATCH] Add insecureSkipTLSVerify flag

---
 pkg/utils/utils.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index efcba606..8e999db2 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -18,6 +18,7 @@ package utils
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"github.com/hashicorp/go-version"
@@ -27,6 +28,7 @@ import (
 	"io/ioutil"
 	"k8s.io/client-go/tools/clientcmd"
 	"net"
+	"net/http"
 	"os"
 	"strconv"
 	"strings"
@@ -338,6 +340,7 @@ func RetrieveVSLFromVeleroBSLs(params map[string]interface{}, bslName string, co
 	params["s3ForcePathStyle"] = backupStorageLocation.Spec.Config["s3ForcePathStyle"]
 	params["s3Url"] = backupStorageLocation.Spec.Config["s3Url"]
 	params["profile"] = backupStorageLocation.Spec.Config["profile"]
+	params["insecureSkipTLSVerify"] = backupStorageLocation.Spec.Config["insecureSkipTLSVerify"]
 
 	if backupStorageLocation.Spec.ObjectStorage.CACert != nil {
 		params["caCert"] = string(backupStorageLocation.Spec.ObjectStorage.CACert)
@@ -403,6 +406,28 @@ func GetS3PETMFromParamsMap(params map[string]interface{}, logger logrus.FieldLo
 		}
 	}
 
+	insecureSkipTLSVerify, ok := GetStringFromParamsMap(params, "insecureSkipTLSVerify", logger)
+	if ok {
+		if GetBool(insecureSkipTLSVerify, false) {
+			defaultTransport := http.DefaultTransport.(*http.Transport)
+			sess.Config.HTTPClient = &http.Client{
+				// Copied from net/http
+				Transport: &http.Transport{
+					Proxy:                 defaultTransport.Proxy,
+					DialContext:           defaultTransport.DialContext,
+					MaxIdleConns:          defaultTransport.MaxIdleConns,
+					IdleConnTimeout:       defaultTransport.IdleConnTimeout,
+					TLSHandshakeTimeout:   defaultTransport.TLSHandshakeTimeout,
+					ExpectContinueTimeout: defaultTransport.ExpectContinueTimeout,
+					// Set insecureSkipVerify true
+					TLSClientConfig: &tls.Config{
+						InsecureSkipVerify: true,
+					},
+				},
+			}
+		}
+	}
+
 	prefix, ok := params["prefix"].(string)
 	if !ok {
 		prefix = constants.DefaultS3RepoPrefix