crypto/tls: relax the docs of InsecureSkipVerify Fixes #39074 Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93 Reviewed-on: https://go-review.googlesource.com/c/go/+/239746 Reviewed-by: Katie Hockman <katie@golang.org>

commit: cd10f5f632983e63b156478abdfa0bd57e93898c [log] [tgz]
author: Filippo Valsorda <filippo@golang.org> Wed Jun 24 14:31:49 2020 -0400
committer: Filippo Valsorda <filippo@golang.org> Tue Jul 07 23:55:02 2020 +0000
tree: e3dc59824f6a066d38cf718fcadfc6abcf3133fc
parent: c769a47291249bd0901d20b58f10ba62c444c926 [diff]
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index eb002ad..e8d0091 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go

@@ -600,12 +600,12 @@
 	// by the policy in ClientAuth.
 	ClientCAs *x509.CertPool
 
-	// InsecureSkipVerify controls whether a client verifies the
-	// server's certificate chain and host name.
-	// If InsecureSkipVerify is true, TLS accepts any certificate
-	// presented by the server and any host name in that certificate.
-	// In this mode, TLS is susceptible to machine-in-the-middle attacks.
-	// This should be used only for testing.
+	// InsecureSkipVerify controls whether a client verifies the server's
+	// certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
+	// accepts any certificate presented by the server and any host name in that
+	// certificate. In this mode, TLS is susceptible to machine-in-the-middle
+	// attacks unless custom verification is used. This should be used only for
+	// testing or in combination with VerifyConnection or VerifyPeerCertificate.
 	InsecureSkipVerify bool
 
 	// CipherSuites is a list of supported cipher suites for TLS versions up to
commit	cd10f5f632983e63b156478abdfa0bd57e93898c	[log] [tgz]
author	Filippo Valsorda <filippo@golang.org>	Wed Jun 24 14:31:49 2020 -0400
committer	Filippo Valsorda <filippo@golang.org>	Tue Jul 07 23:55:02 2020 +0000
tree	e3dc59824f6a066d38cf718fcadfc6abcf3133fc
parent	c769a47291249bd0901d20b58f10ba62c444c926 [diff]