New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls.Dial() validates hostname, no need to do that manually #110029
tls.Dial() validates hostname, no need to do that manually #110029
Conversation
/sig api-machinery |
/assign @liggitt |
@@ -101,6 +100,21 @@ func dialURL(ctx context.Context, url *url.URL, transport http.RoundTripper) (ne | |||
return nil, err | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
according to #109750, Handshake validates host... why is this still needed for this path?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, should this switch to HandshakeContext (and tls.Dial below switch to tls.Dialer#DialContext?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this still needed for this path?
It's not, removed. Sorry about that.
also, should this switch to HandshakeContext (and tls.Dial below switch to tls.Dialer#DialContext?)
I wanted to do that in a separate PR in the whole codebase, if you don't mind.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Follow up #110079
would like a second set of eyes on this as well |
Handshake() is still needed for tls.Client() code path. See kubernetes#109750
76bf707
to
29dc50c
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ash2k, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
+1 |
/triage accepted |
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
tls.Dial()
validates hostname, no need to do that manually.VerifyHostname()
is still needed for thetls.Client()
code path. See #109750.Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: