diff options
author | Filippo Valsorda <filippo@golang.org> | 2020-06-24 14:31:49 -0400 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2020-07-07 23:55:02 +0000 |
commit | cd10f5f632983e63b156478abdfa0bd57e93898c (patch) | |
tree | e3dc59824f6a066d38cf718fcadfc6abcf3133fc | |
parent | c769a47291249bd0901d20b58f10ba62c444c926 (diff) | |
download | go-cd10f5f632983e63b156478abdfa0bd57e93898c.tar.gz go-cd10f5f632983e63b156478abdfa0bd57e93898c.zip |
crypto/tls: relax the docs of InsecureSkipVerify
Fixes #39074
Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/239746
Reviewed-by: Katie Hockman <katie@golang.org>
-rw-r--r-- | src/crypto/tls/common.go | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index eb002ada2f..e8d009137a 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -600,12 +600,12 @@ type Config struct { // by the policy in ClientAuth. ClientCAs *x509.CertPool - // InsecureSkipVerify controls whether a client verifies the - // server's certificate chain and host name. - // If InsecureSkipVerify is true, TLS accepts any certificate - // presented by the server and any host name in that certificate. - // In this mode, TLS is susceptible to machine-in-the-middle attacks. - // This should be used only for testing. + // InsecureSkipVerify controls whether a client verifies the server's + // certificate chain and host name. If InsecureSkipVerify is true, crypto/tls + // accepts any certificate presented by the server and any host name in that + // certificate. In this mode, TLS is susceptible to machine-in-the-middle + // attacks unless custom verification is used. This should be used only for + // testing or in combination with VerifyConnection or VerifyPeerCertificate. InsecureSkipVerify bool // CipherSuites is a list of supported cipher suites for TLS versions up to |