Remove the TLS-ALPN-01 tlsDial helper (#6954)

This minor cleanup was found in the process of fixing tests in
https://github.com/letsencrypt/boulder/pull/6952, and resolves a TODO
from 2018.

va/tlsalpn.go

@@ -128,8 +128,12 @@ func (va *ValidationAuthorityImpl) getChallengeCert(
 	va.log.Info(fmt.Sprintf("%s [%s] Attempting to validate for %s %s", challenge.Type, identifier, hostPort, config.ServerName))
 	// We expect a self-signed challenge certificate, do not verify it here.
 	config.InsecureSkipVerify = true
-	conn, err := va.tlsDial(ctx, hostPort, config)
 
+	dialCtx, cancel := context.WithTimeout(ctx, va.singleDialTimeout)
+	defer cancel()
+
+	dialer := &tls.Dialer{Config: config}
+	conn, err := dialer.DialContext(dialCtx, "tcp", hostPort)
 	if err != nil {
 		va.log.Infof("%s connection failure for %s. err=[%#v] errStr=[%s]", challenge.Type, identifier, err, err)
 		host, _, splitErr := net.SplitHostPort(hostPort)
@@ -140,14 +144,11 @@ func (va *ValidationAuthorityImpl) getChallengeCert(
 			return nil, nil, detailedError(ipError{net.ParseIP(host), err})
 		}
 		return nil, nil, detailedError(err)
-
 	}
-	// close errors are not important here
-	defer func() {
-		_ = conn.Close()
-	}()
+	defer conn.Close()
 
-	cs := conn.ConnectionState()
+	// tls.Dialer.DialContext guarantees that the *net.Conn it returns is a *tls.Conn.
+	cs := conn.(*tls.Conn).ConnectionState()
 	certs := cs.PeerCertificates
 	if len(certs) == 0 {
 		va.log.Infof("%s challenge for %s resulted in no certificates", challenge.Type, identifier.Value)
@@ -160,30 +161,6 @@ func (va *ValidationAuthorityImpl) getChallengeCert(
 	return certs[0], &cs, nil
 }
 
-// tlsDial does the equivalent of tls.Dial, but obeying a context. Once
-// tls.DialContextWithDialer is available, switch to that.
-func (va *ValidationAuthorityImpl) tlsDial(ctx context.Context, hostPort string, config *tls.Config) (*tls.Conn, error) {
-	ctx, cancel := context.WithTimeout(ctx, va.singleDialTimeout)
-	defer cancel()
-	dialer := &net.Dialer{}
-	netConn, err := dialer.DialContext(ctx, "tcp", hostPort)
-	if err != nil {
-		return nil, err
-	}
-	deadline, ok := ctx.Deadline()
-	if !ok {
-		va.log.AuditErr("tlsDial was called without a deadline")
-		return nil, fmt.Errorf("tlsDial was called without a deadline")
-	}
-	_ = netConn.SetDeadline(deadline)
-	conn := tls.Client(netConn, config)
-	err = conn.Handshake()
-	if err != nil {
-		return nil, err
-	}
-	return conn, nil
-}
-
 func checkExpectedSAN(cert *x509.Certificate, name identifier.ACMEIdentifier) error {
 	if len(cert.DNSNames) != 1 {
 		return errors.New("wrong number of dNSNames")

va/tlsalpn_test.go

@@ -196,7 +196,7 @@ func TestTLSALPNTimeoutAfterConnect(t *testing.T) {
 		t.Fatalf("Connection should've timed out")
 	}
 	test.AssertEquals(t, prob.Type, probs.ConnectionProblem)
-	expected := "127.0.0.1: Timeout during read (your server may be slow or overloaded)"
+	expected := "127.0.0.1: Timeout after connect (your server may be slow or overloaded)"
 	if prob.Detail != expected {
 		t.Errorf("Wrong error detail. Expected %q, got %q", expected, prob.Detail)
 	}