From 6ad24519079085ba3e24e2bcfd4c8b27973195d8 Mon Sep 17 00:00:00 2001
From: "Mark S. Lewis"
Date: Wed, 11 Mar 2026 18:09:27 +0000
Subject: [PATCH] fix: do not set InsecureSkipVerify on TLS config

The network.DialConnection function explicitly set InsecureSkipVerify to true on the tls.Config used to create gRPC connections. This change removes that behaviour, leaving TLS certificate verification enabled by default.

Signed-off-by: Mark S. Lewis
---
 .gitignore | 2 ++
 pkg/network/network.go | 1 -
 test/e2e_test.go | 11 ++---------
 3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/.gitignore b/.gitignore
index b866522..7817487 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@ coverage.out
 vendor
 .cache/
 install-fabric.sh
+organizations
+test/PackageID
diff --git a/pkg/network/network.go b/pkg/network/network.go
index b2df521..c49c579 100644
--- a/pkg/network/network.go
+++ b/pkg/network/network.go
@@ -332,7 +332,6 @@ func DialConnection(node Node) (*grpc.ClientConn, error) {
 var conn *grpc.ClientConn
 for i := 1; i <= 3; i++ {
 conn, connError = gRPCClient.NewConnection(node.Addr, func(tlsConfig *tls.Config) {
- tlsConfig.InsecureSkipVerify = true
 tlsConfig.ServerName = node.SslTargetNameOverride
 })
 if connError == nil {
diff --git a/test/e2e_test.go b/test/e2e_test.go
index 9b81728..2bd7570 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
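Review bot: In the pkg/network/network.go hunk, `tlsConfig.ServerName = node.SslTargetNameOverride` is still assigned unconditionally inside the DialConnection callback, and with `InsecureSkipVerify` gone that value is now the name the peer certificate is verified against. An empty override therefore overwrites any name the config already carried; whether an empty ServerName is then derived from `node.Addr` depends on gRPCClient.NewConnection, which is not visible here. I would guard the assignment, `if node.SslTargetNameOverride != "" { tlsConfig.ServerName = node.SslTargetNameOverride }`, and add a comment such as `// ServerName decides which certificate name is accepted; the override must come from trusted configuration.` The body of DialConnection continues outside the hunk.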
@@ -197,14 +197,7 @@ var _ = Describe("e2e", func() {
 }
 for i := 0; i < 3; i++ {
 osnURL = osnURLs[i]
- caFile = "../fabric-samples/test-network/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
- clientCert = clientCerts[i]
- clientKey = clientKeys[i]
- caCertPool := x509.NewCertPool()
- caFilePEM, err := os.ReadFile(caFile)
- caCertPool.AppendCertsFromPEM(caFilePEM)
- Expect(err).NotTo(HaveOccurred())
- tlsClientCert, err := tls.LoadX509KeyPair(clientCert, clientKey)
+ tlsClientCert, err := tls.LoadX509KeyPair(clientCerts[i], clientKeys[i])
 Expect(err).NotTo(HaveOccurred())
 resp, err := channel.CreateChannel(osnURL, block, caCertPool, tlsClientCert)
 Expect(err).NotTo(HaveOccurred())
@@ -214,7 +207,7 @@ var _ = Describe("e2e", func() {
 //osnURL
 order := network.Node{
 Addr: "localhost:7050",
- TLSCACert: clientCert,
+ TLSCACert: caFile,
 }
 err = order.LoadConfig()
 Expect(err).NotTo(HaveOccurred())
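Review bot: Nothing in test/e2e_test.go asserts that certificate verification is actually enforced. The second hunk only corrects `TLSCACert: clientCert` to `TLSCACert: caFile`, a wrong value that appears to have passed before only because the handshake skipped verification. A negative case beside it would lock the fix in: build a `network.Node` whose `TLSCACert` points at a certificate that did not issue the orderer's TLS certificate, and expect the dial to return an error (presumably network.DialConnection, which is called outside the hunk). Both hunks now take `caCertPool` and `caFile` from the enclosing scope, which lies outside the hunks, so their setup could not be checked here; a short comment at the `CreateChannel` call naming where the pool is built would help the next reader.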