Revert "fix: Skip TLS certificate verification for HTTPS upstreams" (#4016)

Signed-off-by: EndlessSeeker <1766508902@qq.com>

pkg/ingress/kube/annotations/upstreamtls.go

@@ -170,9 +170,6 @@ func processMTLS(config *Ingress) *networking.ClientTLSSettings {
 func processSimple(config *Ingress) *networking.ClientTLSSettings {
 	tls := &networking.ClientTLSSettings{
 		Mode: networking.ClientTLSSettings_SIMPLE,
-		InsecureSkipVerify: &wrappers.BoolValue{
-			Value: true,
-		},
 	}
 
 	if config.UpstreamTLS.EnableSNI && config.UpstreamTLS.SNI != "" {

pkg/ingress/kube/annotations/upstreamtls_test.go

@@ -17,10 +17,8 @@ package annotations
 import (
 	"testing"
 
-	"github.com/golang/protobuf/ptypes/wrappers"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"google.golang.org/protobuf/testing/protocmp"
 	networking "istio.io/api/networking/v1alpha3"
 )
 
@@ -131,9 +129,6 @@ func TestApplyTrafficPolicy(t *testing.T) {
 				Tls: &networking.ClientTLSSettings{
 					Mode: networking.ClientTLSSettings_SIMPLE,
 					Sni:  "SNI",
-					InsecureSkipVerify: &wrappers.BoolValue{
-						Value: true,
-					},
 				},
 			},
 		},
@@ -163,9 +158,7 @@ func TestApplyTrafficPolicy(t *testing.T) {
 	for _, testCase := range testCases {
 		t.Run("", func(t *testing.T) {
 			parser.ApplyTrafficPolicy(nil, testCase.input, testCase.config)
-			if diff := cmp.Diff(testCase.expect, testCase.input, protocmp.Transform(),
+			if diff := cmp.Diff(testCase.expect, testCase.input, cmpopts.IgnoreUnexported(unexportedIgnoredTypes...)); diff != "" {
-				cmpopts.IgnoreUnexported(unexportedIgnoredTypes...),
-			); diff != "" {
 				t.Fatalf("TestApplyTrafficPolicy() mismatch (-want +got): \n%s", diff)
 			}
 		})