ACME: tls-alpn-01 challenge solver implementation.

Author: bavshin-f5

README.md

@@ -11,12 +11,15 @@ certificate management (ACMEv2) protocol.
 
 The module implements following specifications:
 
- * [RFC8555] (Automatic Certificate Management Environment) with limitations:
-     * Only HTTP-01 challenge type is supported
-     * External account binding is not supported
+- [RFC8555] (Automatic Certificate Management Environment) with limitations:
+    - Only HTTP-01 challenge type is supported
+    - External account binding is not supported
+- [RFC8737] (ACME TLS Application-Layer Protocol Negotiation (ALPN) Challenge
+  Extension)
 
 [NGINX]: https://nginx.org/
 [RFC8555]: https://www.rfc-editor.org/rfc/rfc8555.html
+[RFC8737]: https://www.rfc-editor.org/rfc/rfc8737.html
 
 ## Getting Started
 
@@ -166,6 +169,19 @@ Accepted values:
 The generated account keys are preserved across reloads, but will be lost on
 restart unless [state_path](#state_path) is configured.
 
+### challenge
+
+**Syntax:** challenge `type`
+
+**Default:** http-01
+
+**Context:** acme_issuer
+
+Sets challenge type used for this issuer. Allowed values:
+
+- `http-01`
+- `tls-alpn-01`
+
 ### contact
 
 **Syntax:** contact `url`

src/acme.rs

@@ -41,6 +41,7 @@ pub struct NewCertificateOutput {
 
 pub struct AuthorizationContext<'a> {
     pub thumbprint: &'a [u8],
+    pub pkey: &'a PKeyRef<Private>,
 }
 
 pub struct AcmeClient<'a, Http>
@@ -332,6 +333,7 @@ where
 
         let order = AuthorizationContext {
             thumbprint: self.key.thumbprint(),
+            pkey: &pkey,
         };
 
         for (url, authorization) in authorizations {

src/acme/solvers.rs

@@ -10,6 +10,7 @@ use super::AuthorizationContext;
 use crate::conf::identifier::Identifier;
 
 pub mod http;
+pub mod tls_alpn;
 
 #[derive(Debug, Error)]
 #[error("challenge registration failed: {0}")]