diff --git a/main.go b/main.go
index a0ad09f..faf31a5 100644
--- a/main.go
+++ b/main.go
@@ -635,7 +635,12 @@ func newProxyDialContext(dialTimeout time.Duration) DialContext {
 // tlsClientSessionCacheSize is the cache size for TLS client sessions.
 const tlsClientSessionCacheSize = 100
 
-func clientTransport(ctx *cli.Context, enableTLS bool) http.RoundTripper {
+type RoundTripperWrapper struct {
+ enableTLS bool
+ ctx *cli.Context
+}
+
+func (rtw *RoundTripperWrapper) RoundTrip(req *http.Request) (*http.Response, error) {
 tr := &http.Transport{
 Proxy: http.ProxyFromEnvironment,
 DialContext: dialContextWithDNSCache(dnsCache, newProxyDialContext(10*time.Second)),
@@ -654,12 +659,12 @@ func clientTransport(ctx *cli.Context, enableTLS bool) http.RoundTripper {
 DisableCompression: true,
 }
 
- if enableTLS {
+ if rtw.enableTLS {
 // Keep TLS config.
 tr.TLSClientConfig = &tls.Config{
- RootCAs: getCertPool(ctx.GlobalString("cacert")),
- Certificates: getCertKeyPair(ctx.GlobalString("client-cert"), ctx.GlobalString("client-key")),
- InsecureSkipVerify: ctx.GlobalBool("insecure"),
+ RootCAs: getCertPool(rtw.ctx.GlobalString("cacert")),
+ Certificates: getCertKeyPair(rtw.ctx.GlobalString("client-cert"), rtw.ctx.GlobalString("client-key")),
+ InsecureSkipVerify: rtw.ctx.GlobalBool("insecure"),
 // Can't use SSLv3 because of POODLE and BEAST
 // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
 // Can't use TLSv1.1 because of RC4 cipher usage
@@ -668,8 +673,11 @@ func clientTransport(ctx *cli.Context, enableTLS bool) http.RoundTripper {
 ClientSessionCache: tls.NewLRUClientSessionCache(tlsClientSessionCacheSize),
 }
 }
+ return tr.RoundTrip(req)
+}
 
- return tr
+func clientTransport(ctx *cli.Context, enableTLS bool) http.RoundTripper {
+ return &RoundTripperWrapper{ctx: ctx, enableTLS: enableTLS}
 }
 
 func checkMain(ctx *cli.Context) {
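Review bot: `RoundTrip` now constructs a new `http.Transport` for every request, so no connection is ever reused and each discarded transport keeps its idle connections open until an idle timeout, if one is set in the fields not shown here, closes them. The same defect shows in the second and third hunks: `tls.NewLRUClientSessionCache` is rebuilt per call, so TLS sessions are never resumed, and `getCertPool`/`getCertKeyPair` run on every request, which presumably re-reads the CA bundle and client key each time and lets the trust anchors or client identity change between requests of a single run. If the intent was only to defer reading the flags until the first request, build the transport once behind a `sync.Once` and reuse it, as sketched below (this needs the `sync` import if main.go does not already have it). The transport fields between the hunks are outside this diff and stay as they are.

```go
type RoundTripperWrapper struct {
	enableTLS bool
	ctx       *cli.Context

	once sync.Once       // guards the one-time construction of tr
	tr   *http.Transport // shared by all requests so pooling and session resumption work
}

func (rtw *RoundTripperWrapper) RoundTrip(req *http.Request) (*http.Response, error) {
	rtw.once.Do(func() {
		rtw.tr = rtw.newTransport()
	})
	return rtw.tr.RoundTrip(req)
}

// newTransport reads the CLI flags and certificate material exactly once.
func (rtw *RoundTripperWrapper) newTransport() *http.Transport {
	tr := &http.Transport{
		// … unchanged: proxy, dial, timeout and compression fields …
	}
	if rtw.enableTLS {
		// … unchanged: tr.TLSClientConfig built from rtw.ctx …
	}
	return tr
}
```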
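Review bot: `clientTransport` now returns a `*RoundTripperWrapper` that has no `CloseIdleConnections` method, so `http.Client.CloseIdleConnections` silently becomes a no-op for any client built on it, and a caller that type-asserts the result to `*http.Transport` (none are visible in this diff) would stop matching. If the wrapper kept its transport in a field, a forwarding `CloseIdleConnections()` method that calls through when the transport has been built would restore that behaviour. The exported type and its method also have no doc comments; `// RoundTripperWrapper is an http.RoundTripper that builds its transport from the CLI flags at request time.` would do, or the type could be unexported if nothing outside this package needs it.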