libbeat/common/transport: fix log message about TLS (#30331)

This commit fixes the log message issued by the `test output` command.
Our current TLS verification relies on more than the value of
`tlsConfig.InsecureSkipVerify`, so the previous implementation would
log that TLS was disabled when it was not.

This commit fixes it by checking the value of `config.Verification`.

CHANGELOG.next.asciidoc

@@ -39,6 +39,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif
 *Affecting all Beats*
 
 - Fix field names with `add_network_direction` processor. {issue}29747[29747] {pull}29751[29751]
+- Fix a logging bug when `ssl.verification_mode` was set to `full` or `certificate`, the command `test output` incorrectly logged that TLS was disabled.
 
 *Auditbeat*
 

libbeat/common/transport/tls.go

@@ -154,7 +154,21 @@ func tlsDialWith(
 		}
 	}
 
-	if tlsConfig.InsecureSkipVerify {
+	// config might be nil, so get the zero-value and then read what is in config.
+	// We assume that the zero-value is the default value
+	var verification tlscommon.TLSVerificationMode
+	if config != nil {
+		verification = config.Verification
+	}
+
+	// We only check the status of config.Verification (`ssl.verification_mode`
+	// in the configuration file) because we have a custom verification logic
+	// implemented by setting tlsConfig.VerifyConnection that runs regardless of
+	// the status of tlsConfig.InsecureSkipVerify.
+	// For verification modes VerifyFull and VerifyCeritifcate we set
+	// tlsConfig.InsecureSkipVerify to true, hence it's not an indicator of
+	// whether TLS verification is enabled or not.
+	if verification == tlscommon.VerifyNone {
 		d.Warn("security", "server's certificate chain verification is disabled")
 	} else {
 		d.Info("security", "server's certificate chain verification is enabled")