Merge pull request #110029 from ash2k/ash2k/no-double-tls-validation

tls.Dial() validates hostname, no need to do that manually
This commit is contained in:
Kubernetes Prow Robot 2022-05-16 07:34:18 -07:00 committed by GitHub
commit 81261d4693
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -24,10 +24,9 @@ import (
"net/http"
"net/url"
"k8s.io/klog/v2"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/apimachinery/third_party/forked/golang/netutil"
"k8s.io/klog/v2"
)
// dialURL will dial the specified URL using the underlying dialer held by the passed
@ -109,21 +108,6 @@ func dialURL(ctx context.Context, url *url.URL, transport http.RoundTripper) (ne
}
}
// Return if we were configured to skip validation
if tlsConfig != nil && tlsConfig.InsecureSkipVerify {
return tlsConn, nil
}
// Verify
host, _, _ := net.SplitHostPort(dialAddr)
if tlsConfig != nil && len(tlsConfig.ServerName) > 0 {
host = tlsConfig.ServerName
}
if err := tlsConn.VerifyHostname(host); err != nil {
tlsConn.Close()
return nil, err
}
return tlsConn, nil
default:
return nil, fmt.Errorf("Unknown scheme: %s", url.Scheme)