devapp: add acme.ALPNProto to NextProtos

We need to add this manually in order to enable the tls-alpn-01
challenge, since we're using GetCertificate directly instead of
via Manager.TLSConfig. We also don't have the http-01 challenge
enabled (HTTPHandler isn't being used), so this is the only way
for a Let's Encrypt certificate to be acquired now that tls-sni-*
challenges have been deprecated.

In the future, this code can probably be simplified by using
higher-level APIs of autocert, but this fixes the immediate issue.

Updates golang/go#32272

Change-Id: Ia72bca3e44bc585b0dfe5c7bcd3e4f544272d1ab
Reviewed-on: https://go-review.googlesource.com/c/build/+/179097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Dmitri Shuralyov 2019-05-27 19:38:25 -04:00
Parent 78beebf194
Commit 611bf70303
1 changed file: 5 additions and 1 deletion

@ -24,6 +24,7 @@ import (
"cloud.google.com/go/storage"
"golang.org/x/build/autocertcache"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"golang.org/x/net/http2"
)
@ -134,7 +135,10 @@ func serveAutocertTLS(h http.Handler, bucket string) error {
}
config := &tls.Config{
GetCertificate: m.GetCertificate,
NextProtos: []string{"h2", "http/1.1"},
NextProtos: []string{
"h2", "http/1.1", // enable HTTP/2
acme.ALPNProto, // enable tls-alpn ACME challenges
},
}
tlsLn := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, config)
server := &http.Server{
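
Review bot: In the NextProtos literal in serveAutocertTLS, the reason acme.ALPNProto has to be listed by hand is recorded only in the commit message. A short comment at that spot saying it is required because GetCertificate is used directly instead of Manager.TLSConfig would keep a later cleanup from dropping the entry, which per the commit message is the only way this server can acquire a Let's Encrypt certificate. Separately, the trailing comment `// enable HTTP/2` sits on the line that lists both "h2" and "http/1.1"; only "h2" relates to HTTP/2, so consider putting the two entries on separate lines or rewording the comment.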