crypto/tls: relax the docs of InsecureSkipVerify
Fixes #39074
Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/239746
Reviewed-by: Katie Hockman <katie@golang.org>
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index eb002ad..e8d0091 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -600,12 +600,12 @@
// by the policy in ClientAuth.
ClientCAs *x509.CertPool
- // InsecureSkipVerify controls whether a client verifies the
- // server's certificate chain and host name.
- // If InsecureSkipVerify is true, TLS accepts any certificate
- // presented by the server and any host name in that certificate.
- // In this mode, TLS is susceptible to machine-in-the-middle attacks.
- // This should be used only for testing.
+ // InsecureSkipVerify controls whether a client verifies the server's
+ // certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
+ // accepts any certificate presented by the server and any host name in that
+ // certificate. In this mode, TLS is susceptible to machine-in-the-middle
+ // attacks unless custom verification is used. This should be used only for
+ // testing or in combination with VerifyConnection or VerifyPeerCertificate.
InsecureSkipVerify bool
// CipherSuites is a list of supported cipher suites for TLS versions up to