fixup! Fix missing TLS ServerName in HelmRepository

Signed-off-by: cappyzawa <[email protected]>

Author: cappyzawa

internal/helm/getter/client_opts.go

@@ -21,7 +21,6 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	neturl "net/url"
 	"os"
 	"path"
 
@@ -123,7 +122,7 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1
 		}
 		certSecret = secret
 
-		tlsConfig, err := secrets.TLSConfigFromSecret(ctx, secret)
+		tlsConfig, err := secrets.TLSConfigFromSecret(ctx, secret, obj.Spec.URL, obj.Spec.Insecure)
 		if err != nil {
 			return false, nil, nil, fmt.Errorf("failed to construct Helm client's TLS config: %w", err)
 		}
@@ -139,7 +138,7 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1
 		}
 		authSecret = secret
 
-		methods, err := secrets.AuthMethodsFromSecret(ctx, secret)
+		methods, err := secrets.AuthMethodsFromSecret(ctx, secret, secrets.WithTLS(obj.Spec.URL, obj.Spec.Insecure))
 		if err != nil {
 			return false, nil, nil, fmt.Errorf("failed to detect authentication methods: %w", err)
 		}
@@ -156,20 +155,6 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1
 		}
 	}
 
-	// Set ServerName for proper virtual hosting support.
-	// This is crucial for Helm repositories that use virtual hosting where multiple
-	// repositories are hosted on the same IP address. Without ServerName, the TLS
-	// handshake would fail with a certificate mismatch error.
-	// Note: runtime/secrets does not set ServerName, so this must be done at the
-	// controller level to ensure proper TLS SNI (Server Name Indication) support.
-	if opts.TlsConfig != nil {
-		u, err := neturl.Parse(url)
-		if err != nil {
-			return false, nil, nil, fmt.Errorf("cannot parse repository URL: %w", err)
-		}
-		opts.TlsConfig.ServerName = u.Hostname()
-	}
-
 	return deprecatedTLS, certSecret, authSecret, nil
 }