From 3bca69c7452153c45b83810f842daaccc2854d19 Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Thu, 5 Feb 2026 10:14:30 +0800
Subject: [PATCH] chore: add some comments for the fingerprint verifier

---
 component/ca/config.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/component/ca/config.go b/component/ca/config.go
index 2f582660..ab401cc9 100644
--- a/component/ca/config.go
+++ b/component/ca/config.go
@@ -103,6 +103,9 @@ func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) {
 			return nil, err
 		}
 		tlsConfig.VerifyConnection = func(state tls.ConnectionState) error {
+			// [ConnectionState.ServerName] can return the actual ServerName needed for verification,
+			// avoiding inconsistencies caused by [tlsConfig.ServerName] being modified after the [NewFingerprintVerifier] call.
+			// https://github.com/golang/go/issues/36736#issuecomment-587925536
 			return verifier(state.PeerCertificates, state.ServerName)
 		}
 		tlsConfig.InsecureSkipVerify = true