crypto/tls: improve documentation for ServerName.

Users of the low-level, Client function are frequenctly missing the fact that, unless they pass a ServerName to the TLS connection then it cannot verify the certificates against any name. This change makes it clear that at least one of InsecureSkipVerify and ServerName should always be set. LGTM=bradfitz R=golang-codereviews, bradfitz CC=golang-codereviews https://golang.org/cl/65440043
2025-12-08 06:10:04 +00:00 · 2014-02-19 11:17:09 -05:00 · 2014-02-19 11:17:09 -05:00 · 80692a3f81
commit 80692a3f81
parent ae38b03f6c
2 changed files with 5 additions and 5 deletions
--- a/src/pkg/crypto/tls/common.go
+++ b/src/pkg/crypto/tls/common.go
@ -231,8 +231,9 @@ type Config struct {
 	// NextProtos is a list of supported, application level protocols.
 	NextProtos []string

-	// ServerName is included in the client's handshake to support virtual
-	// hosting.
+	// ServerName is used to verify the hostname on the returned
+	// certificates unless InsecureSkipVerify is given. It is also included
+	// in the client's handshake to support virtual hosting.
 	ServerName string

 	// ClientAuth determines the server's policy for