From 611bf7030327542bf0580abece9f84c1dd8b960f Mon Sep 17 00:00:00 2001
From: Dmitri Shuralyov
Date: Mon, 27 May 2019 19:38:25 -0400
Subject: [PATCH] devapp: add acme.ALPNProto to NextProtos

We need to add this manually in order to enable the tls-alpn-01 challenge, since we're using GetCertificate directly instead of via Manager.TLSConfig. We also don't have the http-01 challenge enabled (HTTPHandler isn't being used), so this is the only way for a Let's Encrypt certificate to be acquired now that tls-sni-* challenges have been deprecated.

In the future, this code can probably be simplified by using higher-level APIs of autocert, but this fixes the immediate issue.

Updates golang/go#32272

Change-Id: Ia72bca3e44bc585b0dfe5c7bcd3e4f544272d1ab
Reviewed-on: https://go-review.googlesource.com/c/build/+/179097
Reviewed-by: Brad Fitzpatrick
---
 devapp/devapp.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/devapp/devapp.go b/devapp/devapp.go
index 22b23ba7..c24e24cf 100644
--- a/devapp/devapp.go
+++ b/devapp/devapp.go
@@ -24,6 +24,7 @@ import (
 	"cloud.google.com/go/storage"
 	"golang.org/x/build/autocertcache"
+	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/net/http2"
 )
@@ -134,7 +135,10 @@ func serveAutocertTLS(h http.Handler, bucket string) error {
 	}
 	config := &tls.Config{
 		GetCertificate: m.GetCertificate,
-		NextProtos: []string{"h2", "http/1.1"},
+		NextProtos: []string{
+			"h2", "http/1.1", // enable HTTP/2
+			acme.ALPNProto, // enable tls-alpn ACME challenges
+		},
 	}
 	tlsLn := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, config)
 	server := &http.Server{
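Review bot: The new comment at `acme.ALPNProto, // enable tls-alpn ACME challenges` says what the entry enables but not why it has to be added by hand, which is exactly the line a later cleanup is likely to drop; the commit message carries that reasoning but the code does not. Suggest `acme.ALPNProto, // tls-alpn-01 challenges: needed because this config uses m.GetCertificate directly rather than m.TLSConfig, which would add it for us`. Ordering is also worth a word in that comment: Go's crypto/tls negotiates ALPN in server-preference order, so keeping acme.ALPNProto last means an ordinary client offering h2 or http/1.1 is never steered onto the challenge protocol. serveAutocertTLS starts before and continues after the hunk, so whether m.HostPolicy is set (which bounds the names the challenge responder will answer for) cannot be confirmed from here.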