fixup! fixup! Migrate OCIRepository controller to runtime/secrets

Signed-off-by: cappyzawa <[email protected]>

Author: cappyzawa

internal/controller/ocirepository_controller.go

@@ -971,6 +971,17 @@ func (r *OCIRepositoryReconciler) transport(ctx context.Context, obj *sourcev1.O
 		return nil, err
 	}
 	if tlsConfig != nil {
+		// Set ServerName for proper virtual hosting support.
+		// This is crucial for OCI registries that use virtual hosting where multiple
+		// registries are hosted on the same IP address. Without ServerName, the TLS
+		// handshake would fail with a certificate mismatch error.
+		// Note: runtime/secrets does not set ServerName, so this must be done at the
+		// controller level to ensure proper TLS SNI (Server Name Indication) support.
+		u, err := url.Parse(obj.Spec.URL)
+		if err != nil {
+			return nil, fmt.Errorf("cannot parse repository URL: %w", err)
+		}
+		tlsConfig.ServerName = u.Hostname()
 		transport.TLSClientConfig = tlsConfig
 	}