tls.Dial() validates hostname, no need to do that manually

Handshake() is still needed for tls.Client() code path. See kubernetes#109750

staging/src/k8s.io/apimachinery/pkg/util/proxy/dial.go

@@ -24,10 +24,9 @@ import (
 	"net/http"
 	"net/url"
 
-	"k8s.io/klog/v2"
-
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/third_party/forked/golang/netutil"
+	"k8s.io/klog/v2"
 )
 
 // dialURL will dial the specified URL using the underlying dialer held by the passed
@@ -109,21 +108,6 @@ func dialURL(ctx context.Context, url *url.URL, transport http.RoundTripper) (ne
 			}
 		}
 
-		// Return if we were configured to skip validation
-		if tlsConfig != nil && tlsConfig.InsecureSkipVerify {
-			return tlsConn, nil
-		}
-
-		// Verify
-		host, _, _ := net.SplitHostPort(dialAddr)
-		if tlsConfig != nil && len(tlsConfig.ServerName) > 0 {
-			host = tlsConfig.ServerName
-		}
-		if err := tlsConn.VerifyHostname(host); err != nil {
-			tlsConn.Close()
-			return nil, err
-		}
-
 		return tlsConn, nil
 	default:
 		return nil, fmt.Errorf("Unknown scheme: %s", url.Scheme)