From b60804198c76fef7e21c37f093c085beffcfa09b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julio=20L=C3=B3pez?=
 <1953782+julio-lopez@users.noreply.github.com>
Date: Thu, 26 Sep 2024 21:51:07 -0700
Subject: [PATCH] refactor(provider): always clone default HTTP transport in S3
 provider (#4132)

The s3 storage provider had a different http transports for different cases:

- https without TLS verification: `&http.Transport{}` with default values;
- https with TLS verification: `http.DefaultTransport.Clone()`

This change uses `http.DefaultTransport` in all cases, instead of creating an
empty (zero-value) `http.Transport` for consistency.

Authored-by: aleksandr.samarin (@alexvbg)
---
 repo/blob/s3/s3_storage.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/repo/blob/s3/s3_storage.go b/repo/blob/s3/s3_storage.go
index 85c2b0a75..08fb37261 100644
--- a/repo/blob/s3/s3_storage.go
+++ b/repo/blob/s3/s3_storage.go
@@ -301,12 +301,14 @@ func (s *s3Storage) DisplayName() string {
 }
 
 func getCustomTransport(opt *Options) (*http.Transport, error) {
+	transport := http.DefaultTransport.(*http.Transport).Clone() //nolint:forcetypeassert
+
 	if opt.DoNotVerifyTLS {
 		//nolint:gosec
-		return &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}, nil
-	}
+		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 
-	transport := http.DefaultTransport.(*http.Transport).Clone() //nolint:forcetypeassert
+		return transport, nil
+	}
 
 	if len(opt.RootCA) != 0 {
 		rootcas := x509.NewCertPool()