1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-26 11:18:00 +02:00

Simplify tlsSNIChallenge code.

Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
This commit is contained in:
Tommie Gannert 2015-12-05 12:02:26 +00:00
parent 5dc33c8c08
commit 38cb60624f

View File

@ -6,15 +6,12 @@ import (
"crypto/tls"
"encoding/hex"
"fmt"
"net"
"net/http"
)
type tlsSNIChallenge struct {
jws *jws
optPort string
start chan net.Listener
end chan error
}
func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
@ -23,36 +20,33 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
logf("[INFO] acme: Trying to solve TLS-SNI-01")
t.start = make(chan net.Listener)
t.end = make(chan error)
// Generate the Key Authorization for the challenge
keyAuth, err := getKeyAuthorization(chlng.Token, &t.jws.privKey.PublicKey)
if err != nil {
return err
}
certificate, err := t.generateCertificate(keyAuth)
cert, err := t.generateCertificate(keyAuth)
if err != nil {
return err
}
go t.startSNITLSServer(certificate)
var listener net.Listener
select {
case listener = <-t.start:
break
case err := <-t.end:
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
// Allow for CLI port override
port := ":443"
if t.optPort != "" {
port = ":" + t.optPort
}
// Make sure we properly close the HTTP server before we return
defer func() {
listener.Close()
err = <-t.end
close(t.start)
close(t.end)
}()
tlsConf := new(tls.Config)
tlsConf.Certificates = []tls.Certificate{cert}
listener, err := tls.Listen("tcp", port, tlsConf)
if err != nil {
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
}
defer listener.Close()
go http.Serve(listener, nil)
return validate(t.jws, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
}
@ -83,26 +77,3 @@ func (t *tlsSNIChallenge) generateCertificate(keyAuth string) (tls.Certificate,
return certificate, nil
}
func (t *tlsSNIChallenge) startSNITLSServer(cert tls.Certificate) {
// Allow for CLI port override
port := ":443"
if t.optPort != "" {
port = ":" + t.optPort
}
tlsConf := new(tls.Config)
tlsConf.Certificates = []tls.Certificate{cert}
tlsListener, err := tls.Listen("tcp", port, tlsConf)
if err != nil {
t.end <- err
}
// Signal successfull start
t.start <- tlsListener
http.Serve(tlsListener, nil)
t.end <- nil
}