From 2e9f11322492729acce74840edf018a2594a42e4 Mon Sep 17 00:00:00 2001
From: yusing
Date: Sun, 25 May 2025 18:50:18 +0800
Subject: [PATCH] fix(autocert): update test server configuration to use TLS with custom CA and add IPAddresses field
---
 .../autocert/provider_test/custom_test.go | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/internal/autocert/provider_test/custom_test.go b/internal/autocert/provider_test/custom_test.go
index 6490761..e51a9ac 100644
--- a/internal/autocert/provider_test/custom_test.go
+++ b/internal/autocert/provider_test/custom_test.go
@@ -166,6 +166,7 @@ func newTestACMEServer(t *testing.T) *testACMEServer {
 StreetAddress: []string{""},
 PostalCode: []string{""},
 },
+ IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
 NotBefore: time.Now(),
 NotAfter: time.Now().Add(365 * 24 * time.Hour),
 IsCA: true,
@@ -190,7 +191,17 @@ func newTestACMEServer(t *testing.T) *testACMEServer {
 mux := http.NewServeMux()
 acme.setupRoutes(mux)
- acme.server = httptest.NewTLSServer(mux)
+ acme.server = httptest.NewUnstartedServer(mux)
+ acme.server.TLS = &tls.Config{
+ Certificates: []tls.Certificate{
+ {
+ Certificate: [][]byte{caCert.Raw},
+ PrivateKey: caKey,
+ },
+ },
+ MinVersion: tls.VersionTLS12,
+ }
+ acme.server.StartTLS()
 return acme
 }
@@ -203,6 +214,9 @@ func (s *testACMEServer) URL() string {
 }
 func (s *testACMEServer) httpClient() *http.Client {
+ certPool := x509.NewCertPool()
+ certPool.AddCert(s.caCert)
+
 return &http.Client{
 Transport: &http.Transport{
 DialContext: (&net.Dialer{
@@ -212,7 +226,8 @@ func (s *testACMEServer) httpClient() *http.Client {
 TLSHandshakeTimeout: 30 * time.Second,
 ResponseHeaderTimeout: 30 * time.Second,
 TLSClientConfig: &tls.Config{
- InsecureSkipVerify: true, //nolint:gosec
+ RootCAs: certPool,
+ MinVersion: tls.VersionTLS12,
 },
 },
 }
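Review bot: The SAN list added to the certificate template covers only `127.0.0.1`, but `httptest` falls back to listening on `[::1]` when it cannot bind the IPv4 loopback. Now that the client verifies the certificate, the handshake would fail on such a host with a hostname mismatch. Listing both loopbacks avoids that: `IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.IPv6loopback},`. The template sits in the middle of newTestACMEServer, which starts and ends outside this hunk.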
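Review bot: The certificate installed on `acme.server.TLS` is the CA certificate itself (`caCert.Raw` with `caKey`), so the CA private key signs every TLS handshake. The client also never validates a leaf-to-issuer chain, only a self-signed root it already trusts. Issuing a short-lived server certificate from the test CA would keep the CA key for signing only and would exercise the same chain validation that clients perform against a real ACME endpoint. The loopback SANs would then belong on that leaf rather than on the template with `IsCA: true`. The key type and serial number in the sketch below are constructed values, and the start of newTestACMEServer is outside this hunk.

```go
// … unchanged: mux := http.NewServeMux(); acme.setupRoutes(mux) …
leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
	t.Fatal(err)
}
leafTmpl := &x509.Certificate{
	SerialNumber: big.NewInt(2), // constructed value; must differ from the CA's serial
	Subject:      pkix.Name{CommonName: "test ACME server"},
	IPAddresses:  []net.IP{net.ParseIP("127.0.0.1"), net.IPv6loopback},
	NotBefore:    time.Now(),
	NotAfter:     time.Now().Add(24 * time.Hour),
	KeyUsage:     x509.KeyUsageDigitalSignature,
	ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
}
leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
if err != nil {
	t.Fatal(err)
}

acme.server = httptest.NewUnstartedServer(mux)
acme.server.TLS = &tls.Config{
	Certificates: []tls.Certificate{{
		Certificate: [][]byte{leafDER},
		PrivateKey:  leafKey,
	}},
	MinVersion: tls.VersionTLS12,
}
acme.server.StartTLS()
```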
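Review bot: httpClient has no doc comment, and the new pool setup at the top of the function does not say that the client now deliberately trusts only the test CA. Because `certPool` starts empty and receives just `s.caCert`, system roots are never consulted, which is the property that replaces the old `InsecureSkipVerify` and is worth recording. A comment above the function would do it: `// httpClient returns a client that verifies the server against this test CA only; system roots are not trusted.` The function body continues past the end of this hunk.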