From af7d282afb231381f351f990cf20041e16929ab4 Mon Sep 17 00:00:00 2001
From: David Eads <deads@redhat.com>
Date: Mon, 4 Nov 2019 13:46:28 -0500
Subject: [PATCH] dynamic reload cluster authentication info for aggregated API
 servers

Kubernetes-commit: 3aede35b3b042e8a626e8fb9e1e181e73cd29d0a
---
 util/cert/server_inspection.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/cert/server_inspection.go b/util/cert/server_inspection.go
index 6d228916d..0fef88114 100644
--- a/util/cert/server_inspection.go
+++ b/util/cert/server_inspection.go
@@ -57,8 +57,8 @@ func GetClientCANamesForURL(kubeConfigURL string) ([]string, error) {
 	return GetClientCANames(apiserverURL.Host)
 }
 
-// GetServingCertificates returns the x509 certs used by a server.  The serverName is optional for specifying a different
-// name to get SNI certificates.  apiHost is "host:port"
+// GetServingCertificates returns the x509 certs used by a server as certificates and pem encoded bytes.
+// The serverName is optional for specifying a different name to get SNI certificates.  apiHost is "host:port"
 func GetServingCertificates(apiHost, serverName string) ([]*x509.Certificate, [][]byte, error) {
 	tlsConfig := &tls.Config{
 		InsecureSkipVerify: true, // this is insecure so that we always get connected