From 38cb60624fff4f86800e29bee40217700d86e4a7 Mon Sep 17 00:00:00 2001
From: Tommie Gannert <tommie@gannert.se>
Date: Sat, 5 Dec 2015 12:02:26 +0000
Subject: [PATCH] Simplify tlsSNIChallenge code.

Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
---
 acme/tls_sni_challenge.go | 59 ++++++++++-----------------------------
 1 file changed, 15 insertions(+), 44 deletions(-)

diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
index 634bf899..5d963954 100644
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@@ -6,15 +6,12 @@ import (
 	"crypto/tls"
 	"encoding/hex"
 	"fmt"
-	"net"
 	"net/http"
 )
 
 type tlsSNIChallenge struct {
 	jws     *jws
 	optPort string
-	start   chan net.Listener
-	end     chan error
 }
 
 func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
@@ -23,36 +20,33 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 
 	logf("[INFO] acme: Trying to solve TLS-SNI-01")
 
-	t.start = make(chan net.Listener)
-	t.end = make(chan error)
-
 	// Generate the Key Authorization for the challenge
 	keyAuth, err := getKeyAuthorization(chlng.Token, &t.jws.privKey.PublicKey)
 	if err != nil {
 		return err
 	}
 
-	certificate, err := t.generateCertificate(keyAuth)
+	cert, err := t.generateCertificate(keyAuth)
 	if err != nil {
 		return err
 	}
 
-	go t.startSNITLSServer(certificate)
-	var listener net.Listener
-	select {
-	case listener = <-t.start:
-		break
-	case err := <-t.end:
-		return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
+	// Allow for CLI port override
+	port := ":443"
+	if t.optPort != "" {
+		port = ":" + t.optPort
 	}
 
-	// Make sure we properly close the HTTP server before we return
-	defer func() {
-		listener.Close()
-		err = <-t.end
-		close(t.start)
-		close(t.end)
-	}()
+	tlsConf := new(tls.Config)
+	tlsConf.Certificates = []tls.Certificate{cert}
+
+	listener, err := tls.Listen("tcp", port, tlsConf)
+	if err != nil {
+		return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
+	}
+	defer listener.Close()
+
+	go http.Serve(listener, nil)
 
 	return validate(t.jws, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
 }
@@ -83,26 +77,3 @@ func (t *tlsSNIChallenge) generateCertificate(keyAuth string) (tls.Certificate,
 
 	return certificate, nil
 }
-
-func (t *tlsSNIChallenge) startSNITLSServer(cert tls.Certificate) {
-
-	// Allow for CLI port override
-	port := ":443"
-	if t.optPort != "" {
-		port = ":" + t.optPort
-	}
-
-	tlsConf := new(tls.Config)
-	tlsConf.Certificates = []tls.Certificate{cert}
-
-	tlsListener, err := tls.Listen("tcp", port, tlsConf)
-	if err != nil {
-		t.end <- err
-	}
-	// Signal successfull start
-	t.start <- tlsListener
-
-	http.Serve(tlsListener, nil)
-
-	t.end <- nil
-}