devapp: add acme.ALPNProto to NextProtos
We need to add this manually in order to enable the tls-alpn-01
challenge, since we're using GetCertificate directly instead of
via Manager.TLSConfig. We also don't have the http-01 challenge
enabled (HTTPHandler isn't being used), so this is the only way
for a Let's Encrypt certificate to be acquired now that tls-sni-*
challenges have been deprecated.
In the future, this code can probably be simplified by using
higher-level APIs of autocert, but this fixes the immediate issue.
Updates golang/go#32272
Change-Id: Ia72bca3e44bc585b0dfe5c7bcd3e4f544272d1ab
Reviewed-on: https://go-review.googlesource.com/c/build/+/179097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/devapp/devapp.go b/devapp/devapp.go
index 22b23ba..c24e24c 100644
--- a/devapp/devapp.go
+++ b/devapp/devapp.go
@@ -24,6 +24,7 @@
"cloud.google.com/go/storage"
"golang.org/x/build/autocertcache"
+ "golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"golang.org/x/net/http2"
)
@@ -134,7 +135,10 @@
}
config := &tls.Config{
GetCertificate: m.GetCertificate,
- NextProtos: []string{"h2", "http/1.1"},
+ NextProtos: []string{
+ "h2", "http/1.1", // enable HTTP/2
+ acme.ALPNProto, // enable tls-alpn ACME challenges
+ },
}
tlsLn := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, config)
server := &http.Server{
