network tls: alternative to using socket BIOs in SslSocket

[florincoras]

TLS sockets are currently using BIOs that rely on access to a socket file descriptor, namely:

BIO* bio = BIO_new_socket(callbacks_->ioHandle().fdDoNotUse(), 0);

To avoid direct use of the fd and to ensure that SslSockets can work with any type of IoHandles, probably mem BIOs should be used instead. I am willing to do the work but does anybody know if this comes with any significant downsides? Are there any better alternatives?

[florincoras]

cc @mattklein123 @antoniovicente

[antoniovicente]

One possible option would be to add a method to IoHandle that creates an SSL bio that is appropriate for the IoHandle in question. It does pollute the IoHandle interface in some ways. We should keep in mind that IoHandle::readv and writev should not be used on IoHandles used by SSL libraries.

[florincoras]

Interesting idea! Personally, I like the option of being able to abstract any type of transport with IoHandles, i.e., being able to readv/writev to an IoHandle that internally implements TLS/QUIC seems good to me. But, agreed, that could lead to a significant amount of api pollution.

[antoniovicente]

Writing a BIO that calls into IoHandle for peek/read/write operations may also be an option.

[mattklein123]

cc @ggreenway @lizan @PiotrSikora @davidben for thoughts.

I don't know about the available options. Some type of shim over an IOHandle would be great if it's possible to implement a custom one as @antoniovicente suggests.

[antoniovicente]

See:
BIO_METHOD acts like a vtable, allows you to specify read/write/etc functions
BIO *BIO_new(const BIO_METHOD *method);

BIO::ptr would point to the IoHandle*

[florincoras]

Looking at what @antoniovicente suggested!

[florincoras]

Surprisingly enough, something as simple as #12911 seems to be working.