@@ -113,9 +113,7 @@ func (s *TagStore) CmdPull(job *engine.Job) engine.Status {

 		return job.Error(err)

 	}

-	secure := registry.IsSecure(hostname, s.insecureRegistries)

-

-	endpoint, err := registry.NewEndpoint(hostname, secure)

+	endpoint, err := registry.NewEndpoint(hostname, s.insecureRegistries)

 	if err != nil {

 		return job.Error(err)

 	}

@@ -214,9 +214,7 @@ func (s *TagStore) CmdPush(job *engine.Job) engine.Status {

 		return job.Error(err)

 	}

-	secure := registry.IsSecure(hostname, s.insecureRegistries)

-

-	endpoint, err := registry.NewEndpoint(hostname, secure)

+	endpoint, err := registry.NewEndpoint(hostname, s.insecureRegistries)

 	if err != nil {

 		return job.Error(err)

 	}

@@ -34,12 +34,15 @@ func scanForAPIVersion(hostname string) (string, APIVersion) {

 	return hostname, DefaultAPIVersion

 }

-func NewEndpoint(hostname string, secure bool) (*Endpoint, error) {

-	endpoint, err := newEndpoint(hostname, secure)

+func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {

+	endpoint, err := newEndpoint(hostname)

 	if err != nil {

 		return nil, err

 	}

+	secure := isSecure(endpoint.URL.Host, insecureRegistries)

+	endpoint.secure = secure

+

 	// Try HTTPS ping to registry

 	endpoint.URL.Scheme = "https"

 	if _, err := endpoint.Ping(); err != nil {

@@ -65,9 +68,9 @@ func NewEndpoint(hostname string, secure bool) (*Endpoint, error) {

 	return endpoint, nil

 }

-func newEndpoint(hostname string, secure bool) (*Endpoint, error) {

+func newEndpoint(hostname string) (*Endpoint, error) {

 	var (

-		endpoint        = Endpoint{secure: secure}

+		endpoint        = Endpoint{secure: true}

 		trimmedHostname string

 		err             error

 	)

@@ -149,10 +152,9 @@ func (e Endpoint) Ping() (RegistryInfo, error) {

 	return info, nil

 }

-// IsSecure returns false if the provided hostname is part of the list of insecure registries.

+// isSecure returns false if the provided hostname is part of the list of insecure registries.

 // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.

-func IsSecure(hostname string, insecureRegistries []string) bool {

-

+func isSecure(hostname string, insecureRegistries []string) bool {

 	if hostname == IndexServerAddress() {

 		return true

 	}

@@ -12,7 +12,7 @@ func TestEndpointParse(t *testing.T) {

 		{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},

 	}

 	for _, td := range testData {

-		e, err := newEndpoint(td.str, true)

+		e, err := newEndpoint(td.str)

 		if err != nil {

 			t.Errorf("%q: %s", td.str, err)

 		}

@@ -343,8 +343,8 @@ func TestIsSecure(t *testing.T) {

 		{"127.0.0.1:5000", []string{"example.com"}, false},

 	}

 	for _, tt := range tests {

-		if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {

-			t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)

+		if sec := isSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {

+			t.Errorf("isSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)

 		}

 	}

 }

@@ -40,7 +40,7 @@ func (s *Service) Auth(job *engine.Job) engine.Status {

 	job.GetenvJson("authConfig", authConfig)

 	if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {

-		endpoint, err := NewEndpoint(addr, IsSecure(addr, s.insecureRegistries))

+		endpoint, err := NewEndpoint(addr, s.insecureRegistries)

 		if err != nil {

 			return job.Error(err)

 		}

@@ -92,9 +92,7 @@ func (s *Service) Search(job *engine.Job) engine.Status {

 		return job.Error(err)

 	}

-	secure := IsSecure(hostname, s.insecureRegistries)

-

-	endpoint, err := NewEndpoint(hostname, secure)

+	endpoint, err := NewEndpoint(hostname, s.insecureRegistries)

 	if err != nil {

 		return job.Error(err)

 	}