diff --git a/commit.go b/commit.go
index f89930399..f48064226 100644
--- a/commit.go
+++ b/commit.go
@@ -120,7 +120,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 return imgID, errors.Wrapf(err, "error computing layer digests and building metadata")
 }
 // "Copy" our image to where it needs to be.
- err = cp.Image(ctx, policyContext, dest, src, getCopyOptions(options.ReportWriter, nil, systemContext, ""))
+ err = cp.Image(ctx, policyContext, dest, src, getCopyOptions(options.ReportWriter, src, nil, dest, systemContext, ""))
 if err != nil {
 return imgID, errors.Wrapf(err, "error copying layers and metadata")
 }
@@ -176,7 +176,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 return err
 }
 // Copy everything.
- err = cp.Image(ctx, policyContext, dest, src, getCopyOptions(options.ReportWriter, nil, systemContext, options.ManifestType))
+ err = cp.Image(ctx, policyContext, dest, src, getCopyOptions(options.ReportWriter, src, nil, dest, systemContext, options.ManifestType))
 if err != nil {
 return errors.Wrapf(err, "error copying layers and metadata")
 }
diff --git a/common.go b/common.go
index dcf922dc9..56a901925 100644
--- a/common.go
+++ b/common.go
@@ -3,7 +3,10 @@ package buildah
 import (
 "io"
+ "github.com/sirupsen/logrus"
+
 cp "github.com/containers/image/copy"
+ "github.com/containers/image/transports"
 "github.com/containers/image/types"
 )
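Review bot: In the Commit hunk the new call `getCopyOptions(options.ReportWriter, src, nil, dest, systemContext, "")` hands the helper a nil SystemContext for the source side while the destination side gets `systemContext`; the helper now performs a registries.conf lookup for the source reference as well, and util.go derives the config path from whatever SystemContext it is given (`sysregistries.RegistriesConfPath(sc)`), so the source-side lookup presumably reads the default config rather than the caller's. For a commit the source is local storage, so this is unlikely to change the outcome, but it is worth confirming whether both sides should receive `systemContext` so the two lookups consult the same file; the same question applies to the Push hunk. Both `Commit` and `Push` start before their hunks.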
@@ -14,11 +17,35 @@ const (
 DOCKER = "docker"
 )
-func getCopyOptions(reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string) *cp.Options {
+func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference, sourceSystemContext *types.SystemContext, destinationReference types.ImageReference, destinationSystemContext *types.SystemContext, manifestType string) *cp.Options {
+ sourceCtx := &types.SystemContext{}
+ if sourceSystemContext != nil {
+ *sourceCtx = *sourceSystemContext
+ }
+ sourceInsecure, err := isReferenceInsecure(sourceReference, sourceCtx)
+ if err != nil {
+ logrus.Debugf("error determining if registry for %q is insecure: %v", transports.ImageName(sourceReference), err)
+ } else if sourceInsecure {
+ sourceCtx.DockerInsecureSkipTLSVerify = true
+ sourceCtx.OCIInsecureSkipTLSVerify = true
+ }
+
+ destinationCtx := &types.SystemContext{}
+ if destinationSystemContext != nil {
+ *destinationCtx = *destinationSystemContext
+ }
+ destinationInsecure, err := isReferenceInsecure(destinationReference, destinationCtx)
+ if err != nil {
+ logrus.Debugf("error determining if registry for %q is insecure: %v", transports.ImageName(destinationReference), err)
+ } else if destinationInsecure {
+ destinationCtx.DockerInsecureSkipTLSVerify = true
+ destinationCtx.OCIInsecureSkipTLSVerify = true
+ }
+
 return &cp.Options{
 ReportWriter: reportWriter,
- SourceCtx: sourceSystemContext,
- DestinationCtx: destinationSystemContext,
+ SourceCtx: sourceCtx,
+ DestinationCtx: destinationCtx,
 ForceManifestMIMEType: manifestType,
 }
 }
diff --git a/imagebuildah/build.go b/imagebuildah/build.go
index f954f7a6d..727e41c38 100644
--- a/imagebuildah/build.go
+++ b/imagebuildah/build.go
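Review bot: The `sourceCtx.DockerInsecureSkipTLSVerify = true` / `destinationCtx.DockerInsecureSkipTLSVerify = true` assignments (and their OCI twins) let a registries.conf `insecure` entry override a caller that explicitly asked for verification: the bool fields cannot express "unset" versus "verify", so a `--tls-verify=true` aimed at a registry the config marks insecure is silently downgraded to an unverified connection. That precedence deserves a comment at the top of the function, e.g. `// NOTE: a registry marked insecure in registries.conf disables TLS verification even if the caller's SystemContext asked for it`, and the downgrade should be visible at debug level next to each assignment, e.g. `logrus.Debugf("registry for %q is marked insecure in registries.conf; skipping TLS verification", transports.ImageName(sourceReference))`. On the positive side, a failed config lookup only logs and leaves verification enabled, which is the right fail-closed default. The function is complete within the hunk.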
@@ -1131,6 +1131,7 @@ func (b *Executor) Commit(ctx context.Context, ib *imagebuilder.Builder, created
 AdditionalTags: b.additionalTags,
 ReportWriter: writer,
 PreferredManifestType: b.outputFormat,
+ SystemContext: b.systemContext,
 IIDFile: b.iidfile,
 Squash: b.squash,
 Parent: b.builder.FromImageID,
diff --git a/pkg/parse/parse.go b/pkg/parse/parse.go
index d206508b4..1f13cfdee 100644
--- a/pkg/parse/parse.go
+++ b/pkg/parse/parse.go
@@ -283,6 +283,8 @@ func SystemContextFromOptions(c *cli.Context) (*types.SystemContext, error) {
 }
 if c.IsSet("tls-verify") {
 ctx.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify")
+ ctx.OCIInsecureSkipTLSVerify = !c.BoolT("tls-verify")
+ ctx.DockerDaemonInsecureSkipTLSVerify = !c.BoolT("tls-verify")
 }
 if c.IsSet("creds") {
 var err error
diff --git a/pull.go b/pull.go
index c2fc6637f..627f2725b 100644
--- a/pull.go
+++ b/pull.go
@@ -190,7 +190,7 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio
 }()
 logrus.Debugf("copying %q to %q", spec, destName)
- pullError := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, sc, nil, ""))
+ pullError := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, srcRef, sc, destRef, nil, ""))
 if pullError == nil {
 return destRef, nil
 }
diff --git a/util.go b/util.go
index df78d3efb..94f293752 100644
--- a/util.go
+++ b/util.go
@@ -7,6 +7,7 @@ import (
 "sync"
 "github.com/containers/image/docker/reference"
+ "github.com/containers/image/pkg/sysregistries"
 "github.com/containers/image/pkg/sysregistriesv2"
 "github.com/containers/image/types"
 "github.com/containers/storage"
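Review bot: In the parse.go hunk `!c.BoolT("tls-verify")` is now evaluated three times inside the `if c.IsSet("tls-verify")` block, once per transport field; reading the flag once keeps the three fields in lockstep if the flag handling ever changes, e.g. `skipTLSVerify := !c.BoolT("tls-verify")` followed by `ctx.DockerInsecureSkipTLSVerify = skipTLSVerify` and the same for the OCI and docker-daemon fields. A short comment such as `// one --tls-verify flag governs registry, OCI and docker-daemon transports alike` would make the intended coupling explicit. `SystemContextFromOptions` starts before this hunk and continues after it.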
@@ -184,6 +185,58 @@ func getRegistries(sc *types.SystemContext) ([]string, error) {
 return searchRegistries, nil
 }
+// isRegistryInsecure checks if the named registry is marked as not secure
+func isRegistryInsecure(registry string, sc *types.SystemContext) (bool, error) {
+ registries, err := sysregistriesv2.GetRegistries(sc)
+ if err != nil {
+ return false, errors.Wrapf(err, "unable to parse the registries configuration (%s)", sysregistries.RegistriesConfPath(sc))
+ }
+ if reginfo := sysregistriesv2.FindRegistry(registry, registries); reginfo != nil {
+ return reginfo.Insecure, nil
+ }
+ return false, nil
+}
+
+// isRegistryBlocked checks if the named registry is marked as blocked
+func isRegistryBlocked(registry string, sc *types.SystemContext) (bool, error) {
+ registries, err := sysregistriesv2.GetRegistries(sc)
+ if err != nil {
+ return false, errors.Wrapf(err, "unable to parse the registries configuration (%s)", sysregistries.RegistriesConfPath(sc))
+ }
+ if reginfo := sysregistriesv2.FindRegistry(registry, registries); reginfo != nil {
+ return reginfo.Blocked, nil
+ }
+ return false, nil
+}
+
+// isReferenceSomething checks if the registry part of a reference is insecure or blocked
+func isReferenceSomething(ref types.ImageReference, sc *types.SystemContext, what func(string, *types.SystemContext) (bool, error)) (bool, error) {
+ if ref != nil && ref.DockerReference() != nil {
+ if named, ok := ref.DockerReference().(reference.Named); ok {
+ if domain := reference.Domain(named); domain != "" {
+ return what(domain, sc)
+ }
+ }
+ }
+ return false, nil
+}
+
+// isReferenceInsecure checks if the registry part of a reference is insecure
+func isReferenceInsecure(ref types.ImageReference, sc *types.SystemContext) (bool, error) {
+ return isReferenceSomething(ref, sc, isRegistryInsecure)
+}
+
+// isReferenceBlocked checks if the registry part of a reference is blocked
+func isReferenceBlocked(ref types.ImageReference, sc *types.SystemContext) (bool, error) {
+ if ref != nil && ref.Transport() != nil {
+ switch ref.Transport().Name() {
+ case "docker":
+ return isReferenceSomething(ref, sc, isRegistryBlocked)
+ }
+ }
+ return false, nil
+ }
+
 // hasRegistry returns a bool/err response if the image has a registry in its
 // name
 func hasRegistry(imageName string) (bool, error) {
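Review bot: Nothing in this diff calls `isReferenceBlocked` or `isRegistryBlocked`, so as far as these hunks show a `blocked = true` entry in registries.conf still has no effect on pull, push or commit; if enforcement is intended, the check belongs in the callers before `cp.Image` runs and must fail hard rather than log at debug level like the insecure lookup in getCopyOptions, and if it is deliberately deferred the doc comment should say `// isReferenceBlocked ... (not yet enforced by any caller)`. `isReferenceBlocked` also consults the config only for the `docker` transport, while `isReferenceInsecure` applies to any reference whose `DockerReference()` is non-nil; that asymmetry deserves a sentence in each doc comment so a later maintainer does not "fix" one to match the other. `isRegistryInsecure` and `isRegistryBlocked` are identical apart from the field read; a single helper that parses the config and returns the matching `*sysregistriesv2.Registry` (nil when absent) would remove the duplicated parse-and-wrap error path, and `isReferenceSomething` would read better with a name that says what it does, e.g. `checkReferenceRegistry`. The added functions are complete within the hunk; `hasRegistry` continues past it.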