[metricbeat] [helper] Fix http server helper SSL config (#39405)

* add changelog entry * fix TLS config * fix changelog pr id * golangci-lint fixes * mage check * fix http server ssl test * Update metricbeat/helper/server/http/http_test.go Co-authored-by: Tiago Queiroz <[email protected]> * fix changelog --------- Co-authored-by: Tiago Queiroz <[email protected]>
elastic · Oct 7, 2024 · 6d4fbfc · 6d4fbfc
1 parent 070db8e
commit 6d4fbfc
Show file tree

Hide file tree

Showing 3 changed files with 131 additions and 64 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -201,6 +201,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Remove excessive info-level logs in cgroups setup {pull}40491[40491]
 - Add missing ECS Cloud fields in GCP `metrics` metricset when using `exclude_labels: true` {issue}40437[40437] {pull}40467[40467]
 - Add AWS OwningAccount support for cross account monitoring {issue}40570[40570] {pull}40691[40691]
+- Fix http server helper SSL config. {pull}39405[39405]
 
 *Osquerybeat*
 

diff --git a/metricbeat/helper/server/http/http.go b/metricbeat/helper/server/http/http.go
@@ -19,10 +19,11 @@ package http
 
 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"strconv"
+	"time"
 
 	"github.com/elastic/beats/v7/metricbeat/helper/server"
 	"github.com/elastic/beats/v7/metricbeat/mb"
@@ -73,10 +74,11 @@ func getDefaultHttpServer(mb mb.BaseMetricSet) (*HttpServer, error) {
 	}
 
 	httpServer := &http.Server{
-		Addr: net.JoinHostPort(config.Host, strconv.Itoa(int(config.Port))),
+		Addr:              net.JoinHostPort(config.Host, strconv.Itoa(config.Port)),
+		ReadHeaderTimeout: 10 * time.Second,
 	}
 	if tlsConfig != nil {
-		httpServer.TLSConfig = tlsConfig.BuildModuleClientConfig(config.Host)
+		httpServer.TLSConfig = tlsConfig.BuildServerConfig(config.Host)
 	}
 	h.server = httpServer
 	return h, nil
@@ -126,7 +128,7 @@ func (h *HttpServer) Start() error {
 func (h *HttpServer) Stop() {
 	close(h.done)
 	h.stop()
-	h.server.Shutdown(h.ctx)
+	_ = h.server.Shutdown(h.ctx)
 	close(h.eventQueue)
 }
 
@@ -147,7 +149,7 @@ func (h *HttpServer) handleFunc(writer http.ResponseWriter, req *http.Request) {
 			meta["Content-Type"] = contentType
 		}
 
-		body, err := ioutil.ReadAll(req.Body)
+		body, err := io.ReadAll(req.Body)
 		if err != nil {
 			logp.Err("Error reading body: %v", err)
 			http.Error(writer, "Unexpected error reading request payload", http.StatusBadRequest)
@@ -168,9 +170,9 @@ func (h *HttpServer) handleFunc(writer http.ResponseWriter, req *http.Request) {
 	case "GET":
 		writer.WriteHeader(http.StatusOK)
 		if req.TLS != nil {
-			writer.Write([]byte("HTTPS Server accepts data via POST"))
+			_, _ = writer.Write([]byte("HTTPS Server accepts data via POST"))
 		} else {
-			writer.Write([]byte("HTTP Server accepts data via POST"))
+			_, _ = writer.Write([]byte("HTTP Server accepts data via POST"))
 		}
 
 	}

diff --git a/metricbeat/helper/server/http/http_test.go b/metricbeat/helper/server/http/http_test.go
@@ -23,8 +23,9 @@ import (
 	"bytes"
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"strconv"
@@ -141,63 +142,59 @@ func getHTTPServer(t *testing.T, host string, port int, connectionType string) (
 }
 
 func prepareTLSConfig(t *testing.T, host string) *tls.Config {
+
 	certPem := []byte(`-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIJAONBEV813hm6MA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV
-BAYTAkJSMQswCQYDVQQIDAJTUDEPMA0GA1UEBwwGRlJBTkNBMRAwDgYDVQQKDAdF
-TEFTVElDMQswCQYDVQQLDAJPVTERMA8GA1UEAwwIaG9tZS5jb20xGDAWBgkqhkiG
-9w0BCQEWCWV1QGV1LmNvbTAeFw0xOTAzMjYxOTMxMjhaFw0yOTAzMjMxOTMxMjha
-MHcxCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTUDEPMA0GA1UEBwwGRlJBTkNBMRAw
-DgYDVQQKDAdFTEFTVElDMQswCQYDVQQLDAJPVTERMA8GA1UEAwwIaG9tZS5jb20x
-GDAWBgkqhkiG9w0BCQEWCWV1QGV1LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALOJ2dxpBsQtRvs2hSuUhDsf4w6G3swFqtIXLedPvz1rNuofm75G
-dA9pqXiI3hDw2ZuIJZItXE3FfVXxoE/ugsFw6cVLKrnpQ8exIv8K0JNuR22faFcR
-LmDx/YLw0wmOnM2maBSaetrM5F4CwoVqDmOwZHs9fbADqthAHrbCAzNTkqnx2B4/
-RWaYPbRWlSQ7CrWQE9cNJ/WMdUjznd5H0IiV7k/cHKIbXi3+JNinCWHAACWWS3ig
-DjjCZd9lHkDH6qSpNGsQU5y0eiFAiiBVPqDIdVfPRe4pC81z3Dp6Wqs0uHXHYHqB
-o3YWkXngTLlMLZtIMF+pWlCJZkscgLjL/N8CAwEAAaNQME4wHQYDVR0OBBYEFBpI
-Tu/9mmRqithdHZZMu5jRLHebMB8GA1UdIwQYMBaAFBpITu/9mmRqithdHZZMu5jR
-LHebMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGTS+cvN/vGjbkDF
-wZRG8xMeHPHzlCWKNEGwZXTTBADrjfnppW5I2f5cDZzg71+UzQSJmBmHKZd+adrW
-2GA888CAT+birIE6EAwIyq7ZGe77ymRspugyb7AK46QOKApED3izxId36Tk5/a0P
-QY3WOTC0Y4yvz++gbx/uviYDMoHuJl0nIEXqtT9OZ2V2GqCToJu300RV/MIRtk6s
-0U1d9CRDkjNolGVbYo2VnDJbZ8LQtJHS5iDeiEztay5Cky4NvVZsbCxrgNrr3h/v
-upHEJ28Q7QzMnRC7d/THI6fRW1mG6BuFT3WPW5K7EAfgQDlyyspTDrACrYTuWC+y
-013uTlI=
+MIIC9TCCAd2gAwIBAgIUa4hI3ZErW13j7zCXg1Ory+FhITYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MDUxNjIwNDIwMloYDzMwMjMw
+OTE3MjA0MjAyWjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDJcUM8vV6vGTycqImCwu06NSsuIHdKukHQTuvHbRGP
+kXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7b9MTIZl4GheHvABuw0kuRos0/t4Y
+zCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoMeljV9dq/JKtaNNGKgztMcqWTSFPy
+c+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6bmn62Ocj7EgrLj75u0IAb2alQ9bL9
+cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwHcLiYNEKOtEx0Y4otiYLH98wlWJcl
+AtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8WBprm5lT5AgMBAAGjPTA7MBoGA1Ud
+EQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUjuHPOPincRSGgEC4DnOs
+RGR8MW4wDQYJKoZIhvcNAQELBQADggEBAIFdEIGhjWrQMDx5bjif21XOaBr61uKU
+3YnKMlX4bJrqjSy164SN0qBaurYUspam8YyC31IU3FSvulRoUVr3Y/VCpnfuDuEw
+c5C2XJWvslRUTqZ4TAopj1vvt7wcFOJixfH3PMMdA8sKArWxlV4LtPN8h5Det0qG
+F5D03fWQehviLetk7l/fdAElSoigGhJrb3HddfRcepvrWVpcUJEX3rdgwKh5RszN
+1WTX/kA6w5o7JAylybV5JNKvzbpfQOH4MQD8306FB+xFPSZHgXUWJ9bJE/CbR5vd
+onX6v9itbKD/hxMOZQ6HIn6F1fKK3JMJ77t35cJonwVHwV+/K2HJmNA=
 -----END CERTIFICATE-----`)
 
-	keyPem := []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAs4nZ3GkGxC1G+zaFK5SEOx/jDobezAWq0hct50+/PWs26h+b
-vkZ0D2mpeIjeEPDZm4glki1cTcV9VfGgT+6CwXDpxUsquelDx7Ei/wrQk25HbZ9o
-VxEuYPH9gvDTCY6czaZoFJp62szkXgLChWoOY7Bkez19sAOq2EAetsIDM1OSqfHY
-Hj9FZpg9tFaVJDsKtZAT1w0n9Yx1SPOd3kfQiJXuT9wcohteLf4k2KcJYcAAJZZL
-eKAOOMJl32UeQMfqpKk0axBTnLR6IUCKIFU+oMh1V89F7ikLzXPcOnpaqzS4dcdg
-eoGjdhaReeBMuUwtm0gwX6laUIlmSxyAuMv83wIDAQABAoIBAD1kY/T0jPXELcN1
-LzBpxpWZH8E16TWGspTIjE/Oeyx7XvnL+SulV8Z1cRfgZV8RnLeMZJyJmkiVwXgD
-+bebbWbMP4PRYjjURPMh5T+k6RGg4hfgLIOpQlywIuoFg4R/GatQvcJd2Ki861Ii
-S3XngCgihxmFO1dWybLMqjQAP6vq01sbctUXYddFd5STInzrceoXwkLjp3gTR1et
-FG+Anmzbxp8e2ETXvwuf7eZhVwCJ2DxBt7tx1j5Csuj1LjaVTe5qR7B1oM7/vo0b
-LlY9IixAAi62Rrv4YSvMAtMI6mQt+AM/4uBVqoG/ipgkuoQVuQ+M4lGdmEXwEEkz
-Ol7SlMECgYEA11tV+ZekVsujBmasTU7TfWtcYtRHh+FSC040bVLiE6XZbuVJ4sSA
-TvuUDs+3XM8blnkfVo826WY4+bKkj1PdCFsmG5pm+wnSTPFKWsCtsSyA3ts85t3O
-IvcCxXA/1xL9O/UdWfrl2+IJ3yLDEjEU5QTYP34+KDBZM3u6tJzjWe8CgYEA1WwA
-8d75h9UQyFXWEOiwJmR6yX7PGkpYE3J7m2p2giEbLm+9no5CEmE9T74k3m0eLZug
-g/F1MA/evhXEYho6f+lS9Q0ZdtyU2EFrdvuLlUw6FJIWnaOLlVR/aC6BvAlxLDRb
-RUGqDKDjl1Die0s8F1aDHGvNvGaZRN4Z23BRPBECgYBE8pMGA8yzlSKui/SiE5iW
-UOcVJQ15rWPNBs62KZED5VdFr9cF6Q+DOfxe+ZWk+xHEDSdBWTylYPrgxpb05E6h
-vDzpHXfW64AO7jl18LYrQSpJLzvCVkUG4LpcZ+GohAXbSlCJXFB3I1kxvTli+5/K
-6tApE8vmpgQI/ZX6+Te4tQKBgBcQ3C1H5voaOf0c4czkCR2tIGQkk2eI/2nipp9O
-a053G4PySbEYOOXZopG6wCtV6bwOJNP9xaeTH4S1v4rGwOnQIsofR1BEWMXilCXA
-2/4fxesxOsaAxXY3Mqnk1NqovpWDdxXOGf3RaaeR81hV8kGndPYeZJbnE8uQoYTI
-586xAoGBAI2SR17xbgfiQBZxgGqamslz4NqBkZUBs4DIAGMAXS21rW/2bbbRaSii
-mGmkdaXx+l077AuO0peX2uBvJAx6PvAVW0qroeOLcCo6EuUGTNVhBej6L9hMwhIO
-r0tZLlMt75zcnJBicMbIrrzIGVYMHjT+m1QTGbrGb/tcEIGtmXwO
------END RSA PRIVATE KEY-----`)
+	keyPem := []byte(`-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJcUM8vV6vGTyc
+qImCwu06NSsuIHdKukHQTuvHbRGPkXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7
+b9MTIZl4GheHvABuw0kuRos0/t4YzCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoM
+eljV9dq/JKtaNNGKgztMcqWTSFPyc+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6b
+mn62Ocj7EgrLj75u0IAb2alQ9bL9cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwH
+cLiYNEKOtEx0Y4otiYLH98wlWJclAtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8W
+Bprm5lT5AgMBAAECggEAEYpJsv/AP1ngs7lfI+IqOt/HT0BncrvOID/G+vntxgUC
+fNRcn/cgMJ6r3xuKTcDqNir1BwTw3gM9MG+3vto1nUYUV27Q0NQzSpK861Pn7dvU
+aNmz5CUizLbNovIZdVtghXzgFEnncYdb3ptGofbC4dLlErk3p6punuT6stzg5mL2
+y/2yHBrfQEnuDRI8pQ5Vcuo24GioZqWiS35qVGLbonvor0DKv4lkNjMix6ulwwb+
+3rvEAhTOhgYKe7h6RjKnc4SbIsnSpGzhC9M7hLF+F57GIw61uaJnISfkuw/FGhaR
+XkeyV8TB8MDTgP30+7xam6pvB2rKcRsrVgPmLC7WgQKBgQDRHgRHDTgpBSx9F+N6
+6KU01g5cemxKVBHMm5L2n99YpR9BoiWViKkFWAWALmRlq/nFk22hq4t2+niH/6a+
+0ioAhIOnZZTXK/n5DsBCdqg1d1ZO4ih4Iw1/TR1iIR0M8ptkIBGVWKslV8OKQNd4
+zNUCmDzb8pmuzVKjwVs7ca9HmQKBgQD2msK7eh81A2dxXPl1chcudFB33zMwA1Y0
+3ZEPsGAinvU5ILwwMlg1w7N1NKwcDYiBkJG1SCoujoTsYoXMKjnlgf5uoklfJJBI
+U3QKYMGDRdlqE02V31KBVcv/EdNR8olfjy1xbgCKu04rYnCPGLSLNc6MgcSMYnLr
+y9rZlq5UYQKBgQCi0K4f6+j39zFGTF0vCwfl9WvFEQRTctVQ6ygnoR4yVI3bejWt
+EXQX1wqhXH2Ks7WK4ViQcZHqluVVbfUTyWoucP5YTTzvsyuzgIqstNoOltW6IVfF
+AfW2UgI4rvOBazsVX+qQzzKhpo12jTm2sjR/Cq0HywFhGjfni9pOlBsWsQKBgQDz
+3IbFLja+Dee1SuPFKFWUMqGAaNANor8U+CYDBb+LfPWy0JRIdQCV6jkEplmsRBXB
+Sl1Mj1hnQbhgqez1wKwQMUSR0xoLY/TqENynhpbWYbRmGUCX/IdyLo3UZqQ6XUVL
+oiKmEMmoZyEd9fKpDx06rLLcb1cWHCTY2HZKxZ8PAQKBgF3ftzNurXMCBH9W2RkI
+hHhpHArwSLCsDVeGpS6vYDz+EX+RP1t1jJZbTRyOkk/X5RNVA3Yup6Lw8ANWqpPJ
+MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO
+8hd7Y6EEu0Lwkc3GnoQUwzRh
+-----END PRIVATE KEY-----`)
 
 	cfg := &tls.Config{
-		ServerName:         host,
-		MinVersion:         tls.VersionTLS12,
-		MaxVersion:         tls.VersionTLS12,
-		InsecureSkipVerify: true,
+		ServerName: host,
+		MinVersion: tls.VersionTLS12,
+		MaxVersion: tls.VersionTLS12,
 	}
 	cfg.Certificates = make([]tls.Certificate, 1)
 	cert, err := tls.X509KeyPair(certPem, keyPem)
@@ -213,12 +210,79 @@ func writeToServer(t *testing.T, message, host string, port int, connectionMetho
 	var str = []byte(message)
 	req, err := http.NewRequest(connectionMethod, url, bytes.NewBuffer(str))
 	req.Header.Set("Content-Type", "text/plain")
+
 	client := &http.Client{}
+
+	certPem := []byte(`-----BEGIN CERTIFICATE-----
+MIIC9TCCAd2gAwIBAgIUa4hI3ZErW13j7zCXg1Ory+FhITYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MDUxNjIwNDIwMloYDzMwMjMw
+OTE3MjA0MjAyWjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDJcUM8vV6vGTycqImCwu06NSsuIHdKukHQTuvHbRGP
+kXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7b9MTIZl4GheHvABuw0kuRos0/t4Y
+zCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoMeljV9dq/JKtaNNGKgztMcqWTSFPy
+c+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6bmn62Ocj7EgrLj75u0IAb2alQ9bL9
+cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwHcLiYNEKOtEx0Y4otiYLH98wlWJcl
+AtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8WBprm5lT5AgMBAAGjPTA7MBoGA1Ud
+EQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUjuHPOPincRSGgEC4DnOs
+RGR8MW4wDQYJKoZIhvcNAQELBQADggEBAIFdEIGhjWrQMDx5bjif21XOaBr61uKU
+3YnKMlX4bJrqjSy164SN0qBaurYUspam8YyC31IU3FSvulRoUVr3Y/VCpnfuDuEw
+c5C2XJWvslRUTqZ4TAopj1vvt7wcFOJixfH3PMMdA8sKArWxlV4LtPN8h5Det0qG
+F5D03fWQehviLetk7l/fdAElSoigGhJrb3HddfRcepvrWVpcUJEX3rdgwKh5RszN
+1WTX/kA6w5o7JAylybV5JNKvzbpfQOH4MQD8306FB+xFPSZHgXUWJ9bJE/CbR5vd
+onX6v9itbKD/hxMOZQ6HIn6F1fKK3JMJ77t35cJonwVHwV+/K2HJmNA=
+-----END CERTIFICATE-----`)
+
+	keyPem := []byte(`-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJcUM8vV6vGTyc
+qImCwu06NSsuIHdKukHQTuvHbRGPkXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7
+b9MTIZl4GheHvABuw0kuRos0/t4YzCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoM
+eljV9dq/JKtaNNGKgztMcqWTSFPyc+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6b
+mn62Ocj7EgrLj75u0IAb2alQ9bL9cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwH
+cLiYNEKOtEx0Y4otiYLH98wlWJclAtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8W
+Bprm5lT5AgMBAAECggEAEYpJsv/AP1ngs7lfI+IqOt/HT0BncrvOID/G+vntxgUC
+fNRcn/cgMJ6r3xuKTcDqNir1BwTw3gM9MG+3vto1nUYUV27Q0NQzSpK861Pn7dvU
+aNmz5CUizLbNovIZdVtghXzgFEnncYdb3ptGofbC4dLlErk3p6punuT6stzg5mL2
+y/2yHBrfQEnuDRI8pQ5Vcuo24GioZqWiS35qVGLbonvor0DKv4lkNjMix6ulwwb+
+3rvEAhTOhgYKe7h6RjKnc4SbIsnSpGzhC9M7hLF+F57GIw61uaJnISfkuw/FGhaR
+XkeyV8TB8MDTgP30+7xam6pvB2rKcRsrVgPmLC7WgQKBgQDRHgRHDTgpBSx9F+N6
+6KU01g5cemxKVBHMm5L2n99YpR9BoiWViKkFWAWALmRlq/nFk22hq4t2+niH/6a+
+0ioAhIOnZZTXK/n5DsBCdqg1d1ZO4ih4Iw1/TR1iIR0M8ptkIBGVWKslV8OKQNd4
+zNUCmDzb8pmuzVKjwVs7ca9HmQKBgQD2msK7eh81A2dxXPl1chcudFB33zMwA1Y0
+3ZEPsGAinvU5ILwwMlg1w7N1NKwcDYiBkJG1SCoujoTsYoXMKjnlgf5uoklfJJBI
+U3QKYMGDRdlqE02V31KBVcv/EdNR8olfjy1xbgCKu04rYnCPGLSLNc6MgcSMYnLr
+y9rZlq5UYQKBgQCi0K4f6+j39zFGTF0vCwfl9WvFEQRTctVQ6ygnoR4yVI3bejWt
+EXQX1wqhXH2Ks7WK4ViQcZHqluVVbfUTyWoucP5YTTzvsyuzgIqstNoOltW6IVfF
+AfW2UgI4rvOBazsVX+qQzzKhpo12jTm2sjR/Cq0HywFhGjfni9pOlBsWsQKBgQDz
+3IbFLja+Dee1SuPFKFWUMqGAaNANor8U+CYDBb+LfPWy0JRIdQCV6jkEplmsRBXB
+Sl1Mj1hnQbhgqez1wKwQMUSR0xoLY/TqENynhpbWYbRmGUCX/IdyLo3UZqQ6XUVL
+oiKmEMmoZyEd9fKpDx06rLLcb1cWHCTY2HZKxZ8PAQKBgF3ftzNurXMCBH9W2RkI
+hHhpHArwSLCsDVeGpS6vYDz+EX+RP1t1jJZbTRyOkk/X5RNVA3Yup6Lw8ANWqpPJ
+MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO
+8hd7Y6EEu0Lwkc3GnoQUwzRh
+-----END PRIVATE KEY-----`)
+
+	certPool := x509.NewCertPool()
+	if ok := certPool.AppendCertsFromPEM(certPem); !ok {
+		t.Fatal("failed to append server certificate to the pool")
+	}
+
+	cfg := &tls.Config{
+		ServerName: host,
+		MinVersion: tls.VersionTLS12,
+		MaxVersion: tls.VersionTLS12,
+		RootCAs:    certPool,
+	}
+	cfg.Certificates = make([]tls.Certificate, 1)
+	cert, err := tls.X509KeyPair(certPem, keyPem)
+	if err != nil {
+		t.Error(err)
+	}
+	cfg.Certificates = []tls.Certificate{cert}
+
 	if connectionType == "HTTPS" {
 		client.Transport = &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true, // test server certificate is not trusted.
-			}}
+			TLSClientConfig: cfg,
+		}
 	}
 	resp, err := client.Do(req)
 	if err != nil {
@@ -230,7 +294,7 @@ func writeToServer(t *testing.T, message, host string, port int, connectionMetho
 
 	if connectionMethod == "GET" {
 		if resp.StatusCode == http.StatusOK {
-			bodyBytes, err2 := ioutil.ReadAll(resp.Body)
+			bodyBytes, err2 := io.ReadAll(resp.Body)
 			if err2 != nil {
 				t.Error(err)
 				t.FailNow()