From 6d4fbfc3487508bb5af764b428a46259fea10909 Mon Sep 17 00:00:00 2001 From: Gabriel Pop <94497545+gpop63@users.noreply.github.com> Date: Mon, 7 Oct 2024 20:59:38 +0300 Subject: [PATCH] [metricbeat] [helper] Fix http server helper SSL config (#39405) * add changelog entry * fix TLS config * fix changelog pr id * golangci-lint fixes * mage check * fix http server ssl test * Update metricbeat/helper/server/http/http_test.go Co-authored-by: Tiago Queiroz * fix changelog --------- Co-authored-by: Tiago Queiroz --- CHANGELOG.next.asciidoc | 1 + metricbeat/helper/server/http/http.go | 16 +- metricbeat/helper/server/http/http_test.go | 178 ++++++++++++++------- 3 files changed, 131 insertions(+), 64 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index dc9d0f457ff8..46a17a8fea97 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -201,6 +201,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Remove excessive info-level logs in cgroups setup {pull}40491[40491] - Add missing ECS Cloud fields in GCP `metrics` metricset when using `exclude_labels: true` {issue}40437[40437] {pull}40467[40467] - Add AWS OwningAccount support for cross account monitoring {issue}40570[40570] {pull}40691[40691] +- Fix http server helper SSL config. {pull}39405[39405] *Osquerybeat* diff --git a/metricbeat/helper/server/http/http.go b/metricbeat/helper/server/http/http.go index 782b0938471a..4665a30eeab7 100644 --- a/metricbeat/helper/server/http/http.go +++ b/metricbeat/helper/server/http/http.go @@ -19,10 +19,11 @@ package http import ( "context" - "io/ioutil" + "io" "net" "net/http" "strconv" + "time" "github.com/elastic/beats/v7/metricbeat/helper/server" "github.com/elastic/beats/v7/metricbeat/mb" @@ -73,10 +74,11 @@ func getDefaultHttpServer(mb mb.BaseMetricSet) (*HttpServer, error) { } httpServer := &http.Server{ - Addr: net.JoinHostPort(config.Host, strconv.Itoa(int(config.Port))), + Addr: net.JoinHostPort(config.Host, strconv.Itoa(config.Port)), + ReadHeaderTimeout: 10 * time.Second, } if tlsConfig != nil { - httpServer.TLSConfig = tlsConfig.BuildModuleClientConfig(config.Host) + httpServer.TLSConfig = tlsConfig.BuildServerConfig(config.Host) } h.server = httpServer return h, nil @@ -126,7 +128,7 @@ func (h *HttpServer) Start() error { func (h *HttpServer) Stop() { close(h.done) h.stop() - h.server.Shutdown(h.ctx) + _ = h.server.Shutdown(h.ctx) close(h.eventQueue) } @@ -147,7 +149,7 @@ func (h *HttpServer) handleFunc(writer http.ResponseWriter, req *http.Request) { meta["Content-Type"] = contentType } - body, err := ioutil.ReadAll(req.Body) + body, err := io.ReadAll(req.Body) if err != nil { logp.Err("Error reading body: %v", err) http.Error(writer, "Unexpected error reading request payload", http.StatusBadRequest) @@ -168,9 +170,9 @@ func (h *HttpServer) handleFunc(writer http.ResponseWriter, req *http.Request) { case "GET": writer.WriteHeader(http.StatusOK) if req.TLS != nil { - writer.Write([]byte("HTTPS Server accepts data via POST")) + _, _ = writer.Write([]byte("HTTPS Server accepts data via POST")) } else { - writer.Write([]byte("HTTP Server accepts data via POST")) + _, _ = writer.Write([]byte("HTTP Server accepts data via POST")) } } diff --git a/metricbeat/helper/server/http/http_test.go b/metricbeat/helper/server/http/http_test.go index 7decdd821be4..9b5e8a330907 100644 --- a/metricbeat/helper/server/http/http_test.go +++ b/metricbeat/helper/server/http/http_test.go @@ -23,8 +23,9 @@ import ( "bytes" "context" "crypto/tls" + "crypto/x509" "fmt" - "io/ioutil" + "io" "net" "net/http" "strconv" @@ -141,63 +142,59 @@ func getHTTPServer(t *testing.T, host string, port int, connectionType string) ( } func prepareTLSConfig(t *testing.T, host string) *tls.Config { + certPem := []byte(`-----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIJAONBEV813hm6MA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV -BAYTAkJSMQswCQYDVQQIDAJTUDEPMA0GA1UEBwwGRlJBTkNBMRAwDgYDVQQKDAdF -TEFTVElDMQswCQYDVQQLDAJPVTERMA8GA1UEAwwIaG9tZS5jb20xGDAWBgkqhkiG -9w0BCQEWCWV1QGV1LmNvbTAeFw0xOTAzMjYxOTMxMjhaFw0yOTAzMjMxOTMxMjha -MHcxCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTUDEPMA0GA1UEBwwGRlJBTkNBMRAw -DgYDVQQKDAdFTEFTVElDMQswCQYDVQQLDAJPVTERMA8GA1UEAwwIaG9tZS5jb20x -GDAWBgkqhkiG9w0BCQEWCWV1QGV1LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALOJ2dxpBsQtRvs2hSuUhDsf4w6G3swFqtIXLedPvz1rNuofm75G -dA9pqXiI3hDw2ZuIJZItXE3FfVXxoE/ugsFw6cVLKrnpQ8exIv8K0JNuR22faFcR -LmDx/YLw0wmOnM2maBSaetrM5F4CwoVqDmOwZHs9fbADqthAHrbCAzNTkqnx2B4/ -RWaYPbRWlSQ7CrWQE9cNJ/WMdUjznd5H0IiV7k/cHKIbXi3+JNinCWHAACWWS3ig -DjjCZd9lHkDH6qSpNGsQU5y0eiFAiiBVPqDIdVfPRe4pC81z3Dp6Wqs0uHXHYHqB -o3YWkXngTLlMLZtIMF+pWlCJZkscgLjL/N8CAwEAAaNQME4wHQYDVR0OBBYEFBpI -Tu/9mmRqithdHZZMu5jRLHebMB8GA1UdIwQYMBaAFBpITu/9mmRqithdHZZMu5jR -LHebMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGTS+cvN/vGjbkDF -wZRG8xMeHPHzlCWKNEGwZXTTBADrjfnppW5I2f5cDZzg71+UzQSJmBmHKZd+adrW -2GA888CAT+birIE6EAwIyq7ZGe77ymRspugyb7AK46QOKApED3izxId36Tk5/a0P -QY3WOTC0Y4yvz++gbx/uviYDMoHuJl0nIEXqtT9OZ2V2GqCToJu300RV/MIRtk6s -0U1d9CRDkjNolGVbYo2VnDJbZ8LQtJHS5iDeiEztay5Cky4NvVZsbCxrgNrr3h/v -upHEJ28Q7QzMnRC7d/THI6fRW1mG6BuFT3WPW5K7EAfgQDlyyspTDrACrYTuWC+y -013uTlI= +MIIC9TCCAd2gAwIBAgIUa4hI3ZErW13j7zCXg1Ory+FhITYwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MDUxNjIwNDIwMloYDzMwMjMw +OTE3MjA0MjAyWjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDJcUM8vV6vGTycqImCwu06NSsuIHdKukHQTuvHbRGP +kXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7b9MTIZl4GheHvABuw0kuRos0/t4Y +zCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoMeljV9dq/JKtaNNGKgztMcqWTSFPy +c+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6bmn62Ocj7EgrLj75u0IAb2alQ9bL9 +cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwHcLiYNEKOtEx0Y4otiYLH98wlWJcl +AtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8WBprm5lT5AgMBAAGjPTA7MBoGA1Ud +EQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUjuHPOPincRSGgEC4DnOs +RGR8MW4wDQYJKoZIhvcNAQELBQADggEBAIFdEIGhjWrQMDx5bjif21XOaBr61uKU +3YnKMlX4bJrqjSy164SN0qBaurYUspam8YyC31IU3FSvulRoUVr3Y/VCpnfuDuEw +c5C2XJWvslRUTqZ4TAopj1vvt7wcFOJixfH3PMMdA8sKArWxlV4LtPN8h5Det0qG +F5D03fWQehviLetk7l/fdAElSoigGhJrb3HddfRcepvrWVpcUJEX3rdgwKh5RszN +1WTX/kA6w5o7JAylybV5JNKvzbpfQOH4MQD8306FB+xFPSZHgXUWJ9bJE/CbR5vd +onX6v9itbKD/hxMOZQ6HIn6F1fKK3JMJ77t35cJonwVHwV+/K2HJmNA= -----END CERTIFICATE-----`) - keyPem := []byte(`-----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAs4nZ3GkGxC1G+zaFK5SEOx/jDobezAWq0hct50+/PWs26h+b -vkZ0D2mpeIjeEPDZm4glki1cTcV9VfGgT+6CwXDpxUsquelDx7Ei/wrQk25HbZ9o -VxEuYPH9gvDTCY6czaZoFJp62szkXgLChWoOY7Bkez19sAOq2EAetsIDM1OSqfHY -Hj9FZpg9tFaVJDsKtZAT1w0n9Yx1SPOd3kfQiJXuT9wcohteLf4k2KcJYcAAJZZL -eKAOOMJl32UeQMfqpKk0axBTnLR6IUCKIFU+oMh1V89F7ikLzXPcOnpaqzS4dcdg -eoGjdhaReeBMuUwtm0gwX6laUIlmSxyAuMv83wIDAQABAoIBAD1kY/T0jPXELcN1 -LzBpxpWZH8E16TWGspTIjE/Oeyx7XvnL+SulV8Z1cRfgZV8RnLeMZJyJmkiVwXgD -+bebbWbMP4PRYjjURPMh5T+k6RGg4hfgLIOpQlywIuoFg4R/GatQvcJd2Ki861Ii -S3XngCgihxmFO1dWybLMqjQAP6vq01sbctUXYddFd5STInzrceoXwkLjp3gTR1et -FG+Anmzbxp8e2ETXvwuf7eZhVwCJ2DxBt7tx1j5Csuj1LjaVTe5qR7B1oM7/vo0b -LlY9IixAAi62Rrv4YSvMAtMI6mQt+AM/4uBVqoG/ipgkuoQVuQ+M4lGdmEXwEEkz -Ol7SlMECgYEA11tV+ZekVsujBmasTU7TfWtcYtRHh+FSC040bVLiE6XZbuVJ4sSA -TvuUDs+3XM8blnkfVo826WY4+bKkj1PdCFsmG5pm+wnSTPFKWsCtsSyA3ts85t3O -IvcCxXA/1xL9O/UdWfrl2+IJ3yLDEjEU5QTYP34+KDBZM3u6tJzjWe8CgYEA1WwA -8d75h9UQyFXWEOiwJmR6yX7PGkpYE3J7m2p2giEbLm+9no5CEmE9T74k3m0eLZug -g/F1MA/evhXEYho6f+lS9Q0ZdtyU2EFrdvuLlUw6FJIWnaOLlVR/aC6BvAlxLDRb -RUGqDKDjl1Die0s8F1aDHGvNvGaZRN4Z23BRPBECgYBE8pMGA8yzlSKui/SiE5iW -UOcVJQ15rWPNBs62KZED5VdFr9cF6Q+DOfxe+ZWk+xHEDSdBWTylYPrgxpb05E6h -vDzpHXfW64AO7jl18LYrQSpJLzvCVkUG4LpcZ+GohAXbSlCJXFB3I1kxvTli+5/K -6tApE8vmpgQI/ZX6+Te4tQKBgBcQ3C1H5voaOf0c4czkCR2tIGQkk2eI/2nipp9O -a053G4PySbEYOOXZopG6wCtV6bwOJNP9xaeTH4S1v4rGwOnQIsofR1BEWMXilCXA -2/4fxesxOsaAxXY3Mqnk1NqovpWDdxXOGf3RaaeR81hV8kGndPYeZJbnE8uQoYTI -586xAoGBAI2SR17xbgfiQBZxgGqamslz4NqBkZUBs4DIAGMAXS21rW/2bbbRaSii -mGmkdaXx+l077AuO0peX2uBvJAx6PvAVW0qroeOLcCo6EuUGTNVhBej6L9hMwhIO -r0tZLlMt75zcnJBicMbIrrzIGVYMHjT+m1QTGbrGb/tcEIGtmXwO ------END RSA PRIVATE KEY-----`) + keyPem := []byte(`-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJcUM8vV6vGTyc +qImCwu06NSsuIHdKukHQTuvHbRGPkXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7 +b9MTIZl4GheHvABuw0kuRos0/t4YzCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoM +eljV9dq/JKtaNNGKgztMcqWTSFPyc+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6b +mn62Ocj7EgrLj75u0IAb2alQ9bL9cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwH +cLiYNEKOtEx0Y4otiYLH98wlWJclAtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8W +Bprm5lT5AgMBAAECggEAEYpJsv/AP1ngs7lfI+IqOt/HT0BncrvOID/G+vntxgUC +fNRcn/cgMJ6r3xuKTcDqNir1BwTw3gM9MG+3vto1nUYUV27Q0NQzSpK861Pn7dvU +aNmz5CUizLbNovIZdVtghXzgFEnncYdb3ptGofbC4dLlErk3p6punuT6stzg5mL2 +y/2yHBrfQEnuDRI8pQ5Vcuo24GioZqWiS35qVGLbonvor0DKv4lkNjMix6ulwwb+ +3rvEAhTOhgYKe7h6RjKnc4SbIsnSpGzhC9M7hLF+F57GIw61uaJnISfkuw/FGhaR +XkeyV8TB8MDTgP30+7xam6pvB2rKcRsrVgPmLC7WgQKBgQDRHgRHDTgpBSx9F+N6 +6KU01g5cemxKVBHMm5L2n99YpR9BoiWViKkFWAWALmRlq/nFk22hq4t2+niH/6a+ +0ioAhIOnZZTXK/n5DsBCdqg1d1ZO4ih4Iw1/TR1iIR0M8ptkIBGVWKslV8OKQNd4 +zNUCmDzb8pmuzVKjwVs7ca9HmQKBgQD2msK7eh81A2dxXPl1chcudFB33zMwA1Y0 +3ZEPsGAinvU5ILwwMlg1w7N1NKwcDYiBkJG1SCoujoTsYoXMKjnlgf5uoklfJJBI +U3QKYMGDRdlqE02V31KBVcv/EdNR8olfjy1xbgCKu04rYnCPGLSLNc6MgcSMYnLr +y9rZlq5UYQKBgQCi0K4f6+j39zFGTF0vCwfl9WvFEQRTctVQ6ygnoR4yVI3bejWt +EXQX1wqhXH2Ks7WK4ViQcZHqluVVbfUTyWoucP5YTTzvsyuzgIqstNoOltW6IVfF +AfW2UgI4rvOBazsVX+qQzzKhpo12jTm2sjR/Cq0HywFhGjfni9pOlBsWsQKBgQDz +3IbFLja+Dee1SuPFKFWUMqGAaNANor8U+CYDBb+LfPWy0JRIdQCV6jkEplmsRBXB +Sl1Mj1hnQbhgqez1wKwQMUSR0xoLY/TqENynhpbWYbRmGUCX/IdyLo3UZqQ6XUVL +oiKmEMmoZyEd9fKpDx06rLLcb1cWHCTY2HZKxZ8PAQKBgF3ftzNurXMCBH9W2RkI +hHhpHArwSLCsDVeGpS6vYDz+EX+RP1t1jJZbTRyOkk/X5RNVA3Yup6Lw8ANWqpPJ +MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO +8hd7Y6EEu0Lwkc3GnoQUwzRh +-----END PRIVATE KEY-----`) cfg := &tls.Config{ - ServerName: host, - MinVersion: tls.VersionTLS12, - MaxVersion: tls.VersionTLS12, - InsecureSkipVerify: true, + ServerName: host, + MinVersion: tls.VersionTLS12, + MaxVersion: tls.VersionTLS12, } cfg.Certificates = make([]tls.Certificate, 1) cert, err := tls.X509KeyPair(certPem, keyPem) @@ -213,12 +210,79 @@ func writeToServer(t *testing.T, message, host string, port int, connectionMetho var str = []byte(message) req, err := http.NewRequest(connectionMethod, url, bytes.NewBuffer(str)) req.Header.Set("Content-Type", "text/plain") + client := &http.Client{} + + certPem := []byte(`-----BEGIN CERTIFICATE----- +MIIC9TCCAd2gAwIBAgIUa4hI3ZErW13j7zCXg1Ory+FhITYwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI0MDUxNjIwNDIwMloYDzMwMjMw +OTE3MjA0MjAyWjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDJcUM8vV6vGTycqImCwu06NSsuIHdKukHQTuvHbRGP +kXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7b9MTIZl4GheHvABuw0kuRos0/t4Y +zCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoMeljV9dq/JKtaNNGKgztMcqWTSFPy +c+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6bmn62Ocj7EgrLj75u0IAb2alQ9bL9 +cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwHcLiYNEKOtEx0Y4otiYLH98wlWJcl +AtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8WBprm5lT5AgMBAAGjPTA7MBoGA1Ud +EQQTMBGHBH8AAAGCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUjuHPOPincRSGgEC4DnOs +RGR8MW4wDQYJKoZIhvcNAQELBQADggEBAIFdEIGhjWrQMDx5bjif21XOaBr61uKU +3YnKMlX4bJrqjSy164SN0qBaurYUspam8YyC31IU3FSvulRoUVr3Y/VCpnfuDuEw +c5C2XJWvslRUTqZ4TAopj1vvt7wcFOJixfH3PMMdA8sKArWxlV4LtPN8h5Det0qG +F5D03fWQehviLetk7l/fdAElSoigGhJrb3HddfRcepvrWVpcUJEX3rdgwKh5RszN +1WTX/kA6w5o7JAylybV5JNKvzbpfQOH4MQD8306FB+xFPSZHgXUWJ9bJE/CbR5vd +onX6v9itbKD/hxMOZQ6HIn6F1fKK3JMJ77t35cJonwVHwV+/K2HJmNA= +-----END CERTIFICATE-----`) + + keyPem := []byte(`-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJcUM8vV6vGTyc +qImCwu06NSsuIHdKukHQTuvHbRGPkXwlXNDMYEdoUX1mPArqGFunrQ9/myWoqQA7 +b9MTIZl4GheHvABuw0kuRos0/t4YzCFRRV27ATswAYp/WVBvHRZEedLJj25x8DoM +eljV9dq/JKtaNNGKgztMcqWTSFPyc+pDSSgRiP/sDebUhRaLXUhRVMsud9Wlwf6b +mn62Ocj7EgrLj75u0IAb2alQ9bL9cLAPAi0/KFx4nl8tCMQUXYM0PyNCkSM8wdwH +cLiYNEKOtEx0Y4otiYLH98wlWJclAtMzHk5IexcTfCGzOk1fau3gNxbM9fH3+C8W +Bprm5lT5AgMBAAECggEAEYpJsv/AP1ngs7lfI+IqOt/HT0BncrvOID/G+vntxgUC +fNRcn/cgMJ6r3xuKTcDqNir1BwTw3gM9MG+3vto1nUYUV27Q0NQzSpK861Pn7dvU +aNmz5CUizLbNovIZdVtghXzgFEnncYdb3ptGofbC4dLlErk3p6punuT6stzg5mL2 +y/2yHBrfQEnuDRI8pQ5Vcuo24GioZqWiS35qVGLbonvor0DKv4lkNjMix6ulwwb+ +3rvEAhTOhgYKe7h6RjKnc4SbIsnSpGzhC9M7hLF+F57GIw61uaJnISfkuw/FGhaR +XkeyV8TB8MDTgP30+7xam6pvB2rKcRsrVgPmLC7WgQKBgQDRHgRHDTgpBSx9F+N6 +6KU01g5cemxKVBHMm5L2n99YpR9BoiWViKkFWAWALmRlq/nFk22hq4t2+niH/6a+ +0ioAhIOnZZTXK/n5DsBCdqg1d1ZO4ih4Iw1/TR1iIR0M8ptkIBGVWKslV8OKQNd4 +zNUCmDzb8pmuzVKjwVs7ca9HmQKBgQD2msK7eh81A2dxXPl1chcudFB33zMwA1Y0 +3ZEPsGAinvU5ILwwMlg1w7N1NKwcDYiBkJG1SCoujoTsYoXMKjnlgf5uoklfJJBI +U3QKYMGDRdlqE02V31KBVcv/EdNR8olfjy1xbgCKu04rYnCPGLSLNc6MgcSMYnLr +y9rZlq5UYQKBgQCi0K4f6+j39zFGTF0vCwfl9WvFEQRTctVQ6ygnoR4yVI3bejWt +EXQX1wqhXH2Ks7WK4ViQcZHqluVVbfUTyWoucP5YTTzvsyuzgIqstNoOltW6IVfF +AfW2UgI4rvOBazsVX+qQzzKhpo12jTm2sjR/Cq0HywFhGjfni9pOlBsWsQKBgQDz +3IbFLja+Dee1SuPFKFWUMqGAaNANor8U+CYDBb+LfPWy0JRIdQCV6jkEplmsRBXB +Sl1Mj1hnQbhgqez1wKwQMUSR0xoLY/TqENynhpbWYbRmGUCX/IdyLo3UZqQ6XUVL +oiKmEMmoZyEd9fKpDx06rLLcb1cWHCTY2HZKxZ8PAQKBgF3ftzNurXMCBH9W2RkI +hHhpHArwSLCsDVeGpS6vYDz+EX+RP1t1jJZbTRyOkk/X5RNVA3Yup6Lw8ANWqpPJ +MMbn7YyWGaClkcuHqavOU7kfaqF5S6vECOAtSWd+NPOHUALTDnmBUnLTE4KmzarO +8hd7Y6EEu0Lwkc3GnoQUwzRh +-----END PRIVATE KEY-----`) + + certPool := x509.NewCertPool() + if ok := certPool.AppendCertsFromPEM(certPem); !ok { + t.Fatal("failed to append server certificate to the pool") + } + + cfg := &tls.Config{ + ServerName: host, + MinVersion: tls.VersionTLS12, + MaxVersion: tls.VersionTLS12, + RootCAs: certPool, + } + cfg.Certificates = make([]tls.Certificate, 1) + cert, err := tls.X509KeyPair(certPem, keyPem) + if err != nil { + t.Error(err) + } + cfg.Certificates = []tls.Certificate{cert} + if connectionType == "HTTPS" { client.Transport = &http.Transport{ - TLSClientConfig: &tls.Config{ - InsecureSkipVerify: true, // test server certificate is not trusted. - }} + TLSClientConfig: cfg, + } } resp, err := client.Do(req) if err != nil { @@ -230,7 +294,7 @@ func writeToServer(t *testing.T, message, host string, port int, connectionMetho if connectionMethod == "GET" { if resp.StatusCode == http.StatusOK { - bodyBytes, err2 := ioutil.ReadAll(resp.Body) + bodyBytes, err2 := io.ReadAll(resp.Body) if err2 != nil { t.Error(err) t.FailNow()