x/crypto/acme,autocert: add support for TLS-ALPN #25013

Closed
x1ddos opened this issue Apr 23, 2018 · 14 comments
Labels
FrozenDueToAge help wanted NeedsFix The path to resolution is known, but the work has not been done.

x1ddos commented Apr 23, 2018

This is an alternative to TLS-SNI challenge types.
Not sure when and how it'll be accessible on Let's Encrypt, but posting this here to keep an eye on the progress.

Draft: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01
Boulder impl: letsencrypt/boulder#3654

/cc @bradfitz

@gopherbot gopherbot added this to the Unreleased milestone Apr 23, 2018

cpu commented Apr 24, 2018

Folks interested in working on support for this challenge type in x/crypto/acme can get a head start by targeting Pebble instead of Boulder. We'll be reviewing letsencrypt/boulder#3654 in the near future but Pebble's support for TLS-ALPN-01 challenges is already merged and available: letsencrypt/pebble#112

x1ddos commented Apr 24, 2018

@cpu will this feature be available on Let's Encrypt in v1 or only in v2? Or you don't know yet...

cpu commented Apr 24, 2018

@x1ddos I don't think it has been discussed yet.

@FiloSottile FiloSottile added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 24, 2018

mdebski commented May 29, 2018

btw, I think it was discussed yet and I heard from Roland that it would likely be available in both.

x1ddos commented May 29, 2018

I'll start working on this.

mdebski commented May 29, 2018

Thanks! Take a look at certificate generation at [0], I think not much more should be needed in x/crypto/acme itself, other than wiring

[0] https://github.com/mdebski/golang-alpn-example/blob/master/alpnexample.go#L50

cpu commented May 29, 2018

> btw, I think it was discussed yet and I heard from Roland that it would likely be available in both.

Correct 👍 Thanks for sharing that news here @mdebski

@gopherbot

Change https://golang.org/cl/116995 mentions this issue: x/crypto/acme: add support for TLS-ALPN

@x1ddos x1ddos changed the title from "x/crypto/acme: add support for TLS-ALPN" to "x/crypto/acme,autocert: add support for TLS-ALPN" Jun 7, 2018
gopherbot pushed a commit to golang/crypto that referenced this issue Jun 8, 2018
This adds support for the new challenge type, as described in
https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01

Updates golang/go#25013

Change-Id: I81b335ff4b4e89e705a70e7d38dd21c3d5f5c25f
Reviewed-on: https://go-review.googlesource.com/116995
Reviewed-by: Alex Vaghin <ddos@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

mpx commented Jul 18, 2018

FYI, Let's Encrypt has enabled tls-alpn-01 in production:
https://community.letsencrypt.org/t/tls-alpn-validation-method/63814

@bradfitz bradfitz added help wanted NeedsFix The path to resolution is known, but the work has not been done. labels Jul 18, 2018
@gopherbot gopherbot removed the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jul 18, 2018
@bradfitz

Now that x/crypto/acme supports this, this bug is just still open waiting for x/crypto/acme/autocert support now?

mdebski commented Jul 18, 2018 via email

x1ddos commented Jul 21, 2018

Ok, will hack on a CL now.

x1ddos commented Jul 22, 2018

Writing an end-to-end test, so takes a bit longer. Should finish tonight CET.

@gopherbot

Change https://golang.org/cl/125495 mentions this issue: acme/autocert: add support for tls-alpn-01

@golang golang locked and limited conversation to collaborators Jul 23, 2019
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
Because tls.Config now requires more fields to be set
in order for tls-alpn to work, Manager provides a new
TLSConfig method for easier setup.

This CL also adds a new internal package for end-to-end tests.
The package implements a simple ACME CA server.

Fixes golang/go#25013
Fixes golang/go#25901
Updates golang/go#17251

Change-Id: I2687ea8d5c445ddafad5ea2cdd36cd4e7d10bc86
Reviewed-on: https://go-review.googlesource.com/125495
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>