crypto/tls: improve documentation for ServerName.

Users of the low-level, Client function are frequenctly missing the fact that, unless they pass a ServerName to the TLS connection then it cannot verify the certificates against any name. This change makes it clear that at least one of InsecureSkipVerify and ServerName should always be set. LGTM=bradfitz R=golang-codereviews, bradfitz CC=golang-codereviews https://golang.org/cl/65440043
FiloSottile · Feb 19, 2014 · ae10e2f · ae10e2f
1 parent 5a2aacf
commit ae10e2f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/common.go b/common.go
@@ -231,8 +231,9 @@ type Config struct {
 	// NextProtos is a list of supported, application level protocols.
 	NextProtos []string
 
-	// ServerName is included in the client's handshake to support virtual
-	// hosting.
+	// ServerName is used to verify the hostname on the returned
+	// certificates unless InsecureSkipVerify is given. It is also included
+	// in the client's handshake to support virtual hosting.
 	ServerName string
 
 	// ClientAuth determines the server's policy for

diff --git a/tls.go b/tls.go
@@ -27,9 +27,8 @@ func Server(conn net.Conn, config *Config) *Conn {
 
 // Client returns a new TLS client side connection
 // using conn as the underlying transport.
-// Client interprets a nil configuration as equivalent to
-// the zero configuration; see the documentation of Config
-// for the defaults.
+// The config cannot be nil: users must set either ServerHostname or
+// InsecureSkipVerify in the config.
 func Client(conn net.Conn, config *Config) *Conn {
 	return &Conn{conn: conn, config: config, isClient: true}
 }