tls.Dial() validates hostname, no need to do that manually

Handshake() is still needed for tls.Client() code path. See kubernetes/kubernetes#109750 Kubernetes-commit: 29dc50c149a85eba490bbaf3df9758fd371ece12
kubernetes · May 16, 2022 · 4f2ae94 · 4f2ae94
1 parent 28c7554
commit 4f2ae94
Showing 1 changed file with 1 addition and 17 deletions.
diff --git a/pkg/util/proxy/dial.go b/pkg/util/proxy/dial.go
@@ -24,10 +24,9 @@ import (
 	"net/http"
 	"net/url"
 
-	"k8s.io/klog/v2"
-
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/third_party/forked/golang/netutil"
+	"k8s.io/klog/v2"
 )
 
 // dialURL will dial the specified URL using the underlying dialer held by the passed
@@ -109,21 +108,6 @@ func dialURL(ctx context.Context, url *url.URL, transport http.RoundTripper) (ne
 			}
 		}
 
-		// Return if we were configured to skip validation
-		if tlsConfig != nil && tlsConfig.InsecureSkipVerify {
-			return tlsConn, nil
-		}
-
-		// Verify
-		host, _, _ := net.SplitHostPort(dialAddr)
-		if tlsConfig != nil && len(tlsConfig.ServerName) > 0 {
-			host = tlsConfig.ServerName
-		}
-		if err := tlsConn.VerifyHostname(host); err != nil {
-			tlsConn.Close()
-			return nil, err
-		}
-
 		return tlsConn, nil
 	default:
 		return nil, fmt.Errorf("Unknown scheme: %s", url.Scheme)