Update inline TLS verification docs for healthcheck and link checks

2026-06-28 06:56:06 +00:00 · 2026-03-09 12:44:39 +13:00
parent ab3fc5ead7
commit c1db706677
2 changed files with 3 additions and 1 deletions
--- a/cmd/readyz.go
+++ b/cmd/readyz.go
@@ -41,7 +41,8 @@ settings to determine the HTTP bind interface & port.
 			IdleConnTimeout:       time.Second * 5,
 			ExpectContinueTimeout: time.Second * 5,
 			TLSHandshakeTimeout:   time.Second * 5,
-			// do not verify TLS in case this instance is using HTTPS
+			// do not verify TLS if this instance is using HTTPS as we connect using IP
+			// so won't be the same as the cert
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // #nosec
 		}
 		client := &http.Client{Transport: conf}
--- a/internal/linkcheck/status.go
+++ b/internal/linkcheck/status.go
@@ -81,6 +81,7 @@ func doHead(link string, followRedirects bool) (int, error) {
 	}

 	if config.AllowUntrustedTLS {
+		// user has explicitly allowed untrusted TLS, so we will not verify it for link checks
 		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // #nosec
 	}