From ae58a0ee4e5291a4d55c0a3ac6400030ba6dec51 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Tue, 17 Aug 2021 16:31:53 -0700
Subject: [PATCH] Make tests compatible with Go 1.17.

With Go 1.17 tls.Dial will fail if the client and server configured
protocols do not overlap. See https://golang.org/doc/go1.17#ALPN
---
 acme/challenge.go      | 6 ++++++
 acme/challenge_test.go | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/acme/challenge.go b/acme/challenge.go
index 1d5f0ec9..559eeb13 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -129,6 +129,12 @@ func tlsalpn01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSON
 
 	conn, err := vo.TLSDial("tcp", hostPort, config)
 	if err != nil {
+		// With Go 1.17+ tls.Dial fails if there's no overlap between configured
+		// client and server protocols. See https://golang.org/doc/go1.17#ALPN
+		if err.Error() == "remote error: tls: no application protocol" {
+			return storeError(ctx, db, ch, true, NewError(ErrorRejectedIdentifierType,
+				"cannot negotiate ALPN acme-tls/1 protocol for tls-alpn-01 challenge"))
+		}
 		return storeError(ctx, db, ch, false, WrapError(ErrorConnectionType, err,
 			"error doing TLS dial for %s", hostPort))
 	}
diff --git a/acme/challenge_test.go b/acme/challenge_test.go
index bb9a2507..97c5e4cd 100644
--- a/acme/challenge_test.go
+++ b/acme/challenge_test.go
@@ -1395,7 +1395,7 @@ func TestTLSALPN01Validate(t *testing.T) {
 						assert.Equals(t, updch.Type, ch.Type)
 						assert.Equals(t, updch.Value, ch.Value)
 
-						err := NewError(ErrorConnectionType, "error doing TLS dial for %v:443: tls: DialWithDialer timed out", ch.Value)
+						err := NewError(ErrorConnectionType, "error doing TLS dial for %v:443:", ch.Value)
 
 						assert.HasPrefix(t, updch.Error.Err.Error(), err.Err.Error())
 						assert.Equals(t, updch.Error.Type, err.Type)