Fix ACME ALPN conflict

2024-11-09 18:43:14 +00:00 · 2023-12-24 18:01:12 +08:00 · 2023-12-24 18:01:12 +08:00 · 3eed614dea
parent 76a295a660
commit 3eed614dea
3 changed files with 25 additions and 3 deletions
--- a/common/tls/acme.go
+++ b/common/tls/acme.go
@ -105,5 +105,16 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
 		},
 	})
 	config = certmagic.New(cache, *config)
-	return config.TLSConfig(), &acmeWrapper{ctx: ctx, cfg: config, cache: cache, domain: options.Domain}, nil
+	var tlsConfig *tls.Config
+	if acmeConfig.DisableTLSALPNChallenge || acmeConfig.DNS01Solver != nil {
+		tlsConfig = &tls.Config{
+			GetCertificate: config.GetCertificate,
+		}
+	} else {
+		tlsConfig = &tls.Config{
+			GetCertificate: config.GetCertificate,
+			NextProtos:     []string{ACMETLS1Protocol},
+		}
+	}
+	return tlsConfig, &acmeWrapper{ctx: ctx, cfg: config, cache: cache, domain: options.Domain}, nil
 }
--- a/common/tls/acme_contstant.go
+++ b/common/tls/acme_contstant.go
@ -0,0 +1,3 @@
+package tls
+
+const ACMETLS1Protocol = "acme-tls/1"
--- a/common/tls/std_server.go
+++ b/common/tls/std_server.go
@ -39,11 +39,19 @@ func (c *STDServerConfig) SetServerName(serverName string) {
 }

 func (c *STDServerConfig) NextProtos() []string {
-	return c.config.NextProtos
+	if c.acmeService != nil && len(c.config.NextProtos) > 1 && c.config.NextProtos[0] == ACMETLS1Protocol {
+		return c.config.NextProtos[1:]
+	} else {
+		return c.config.NextProtos
+	}
 }

 func (c *STDServerConfig) SetNextProtos(nextProto []string) {
-	c.config.NextProtos = nextProto
+	if c.acmeService != nil && len(c.config.NextProtos) > 1 && c.config.NextProtos[0] == ACMETLS1Protocol {
+		c.config.NextProtos = append(c.config.NextProtos[:1], nextProto...)
+	} else {
+		c.config.NextProtos = nextProto
+	}
 }

 func (c *STDServerConfig) Config() (*STDConfig, error) {