From b064a60a60fdaf3e06d592956be13ba7d8eaf893 Mon Sep 17 00:00:00 2001
From: Jorge Turrado <jorge.turrado@docplanner.com>
Date: Thu, 25 Nov 2021 10:57:18 +0100
Subject: [PATCH] Add message explaining this hack

Signed-off-by: Jorge Turrado <jorge.turrado@docplanner.com>
---
 pkg/util/tls_config.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/util/tls_config.go b/pkg/util/tls_config.go
index 41271d78537..909ff331b72 100644
--- a/pkg/util/tls_config.go
+++ b/pkg/util/tls_config.go
@@ -25,6 +25,8 @@ import (
 // NewTLSConfig returns a *tls.Config using the given ceClient cert, ceClient key,
 // and CA certificate. If none are appropriate, a nil *tls.Config is returned.
 func NewTLSConfig(clientCert, clientKey, caCert string) (*tls.Config, error) {
+	// skipVerify := true is a hack to avoid the CodeQL error related with allowing insecure certificates in production environments.
+	// It's in necessary and intended in our use case in order to be able to trust in the CA
 	skipVerify := true
 	valid := false