Simplify tlsSNIChallenge code.
Solve is blocking, so no need to run initialization code in a separate goroutine. Removes the need for s.start. Once the listener is closed, all I/O resources have been returned. No need to wait for http.Serve to return. Removes the need for s.end.
This commit is contained in:
Tommie Gannert
parent
5dc33c8c08
commit
38cb60624f
1 changed files with 15 additions and 44 deletions
|
|
@ -6,15 +6,12 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
type tlsSNIChallenge struct {
|
type tlsSNIChallenge struct {
|
||||||
jws *jws
|
jws *jws
|
||||||
optPort string
|
optPort string
|
||||||
start chan net.Listener
|
|
||||||
end chan error
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
||||||
|
|
@ -23,36 +20,33 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
|
||||||
|
|
||||||
logf("[INFO] acme: Trying to solve TLS-SNI-01")
|
logf("[INFO] acme: Trying to solve TLS-SNI-01")
|
||||||
|
|
||||||
t.start = make(chan net.Listener)
|
|
||||||
t.end = make(chan error)
|
|
||||||
|
|
||||||
// Generate the Key Authorization for the challenge
|
// Generate the Key Authorization for the challenge
|
||||||
keyAuth, err := getKeyAuthorization(chlng.Token, &t.jws.privKey.PublicKey)
|
keyAuth, err := getKeyAuthorization(chlng.Token, &t.jws.privKey.PublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
certificate, err := t.generateCertificate(keyAuth)
|
cert, err := t.generateCertificate(keyAuth)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
go t.startSNITLSServer(certificate)
|
// Allow for CLI port override
|
||||||
var listener net.Listener
|
port := ":443"
|
||||||
select {
|
if t.optPort != "" {
|
||||||
case listener = <-t.start:
|
port = ":" + t.optPort
|
||||||
break
|
|
||||||
case err := <-t.end:
|
|
||||||
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make sure we properly close the HTTP server before we return
|
tlsConf := new(tls.Config)
|
||||||
defer func() {
|
tlsConf.Certificates = []tls.Certificate{cert}
|
||||||
listener.Close()
|
|
||||||
err = <-t.end
|
listener, err := tls.Listen("tcp", port, tlsConf)
|
||||||
close(t.start)
|
if err != nil {
|
||||||
close(t.end)
|
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
|
||||||
}()
|
}
|
||||||
|
defer listener.Close()
|
||||||
|
|
||||||
|
go http.Serve(listener, nil)
|
||||||
|
|
||||||
return validate(t.jws, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
|
return validate(t.jws, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
|
||||||
}
|
}
|
||||||
|
|
@ -83,26 +77,3 @@ func (t *tlsSNIChallenge) generateCertificate(keyAuth string) (tls.Certificate,
|
||||||
|
|
||||||
return certificate, nil
|
return certificate, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *tlsSNIChallenge) startSNITLSServer(cert tls.Certificate) {
|
|
||||||
|
|
||||||
// Allow for CLI port override
|
|
||||||
port := ":443"
|
|
||||||
if t.optPort != "" {
|
|
||||||
port = ":" + t.optPort
|
|
||||||
}
|
|
||||||
|
|
||||||
tlsConf := new(tls.Config)
|
|
||||||
tlsConf.Certificates = []tls.Certificate{cert}
|
|
||||||
|
|
||||||
tlsListener, err := tls.Listen("tcp", port, tlsConf)
|
|
||||||
if err != nil {
|
|
||||||
t.end <- err
|
|
||||||
}
|
|
||||||
// Signal successfull start
|
|
||||||
t.start <- tlsListener
|
|
||||||
|
|
||||||
http.Serve(tlsListener, nil)
|
|
||||||
|
|
||||||
t.end <- nil
|
|
||||||
}
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue