TLS over an existing connection

[art-w]

With @MisterDA , we have a use-case which requires TLS tunneling over an existing TLS connection. This should be pretty easy, but the current tls-lwt API only allow TLS negotiation over an Lwt_unix.file_descr which limits our ability to use an existing TLS connection as the carrier. This PR adds a new Tls_lwt.Unix.client_of_channels function to establish the TLS over input/output Lwt_io.channel instead, which were potentially created by a previous TLS.

To explain why TLS-over-TLS is useful, I've attached an example to show how HTTPS proxying work:

• The client first does an HTTPS request to the proxy, and ask it to CONNECT to_some_server.net:443
• The proxy hopefully responds with a 200 OK success code after connecting to the server
• From there, the TLS connection with the proxy remains open, but further messages on that socket are transparently relayed by the proxy between the client and server
• To send an HTTPS request to the now-reachable target server, the client must do a new TLS negotiation with that server (over the existing TLS connection with the proxy)

(Note that this mode of proxying is rather nice as it guarantees that the proxy can't do a man-in-the-middle, since the client is in charge of checking that the nested TLS connection has been established with the expected server certificates!)

I would like to rebase this PR on top of #497 to get rid of the cstructs, but in the meantime, let me know if there's anything else that should be changed! :)

[art-w]

I didn't want to mess with the carefully crafted write/close implementation present for file descriptors, but perhaps using a pair of input/output Lwt_io.channels would work instead of a new abstraction? (I'm not sure of the impact, because the doc for lwt channels mentions that they do buffering)

[art-w]

Rebased on top of #497 to get rid of the cstructs at art-w@16418ea

[hannesm]

so what is the story of the other backends?

but more importantly, why only a client over an existing connection? wouldn't a symmetric server side be useful as well?

[hannesm]

this executable is nice, but i don't quite understand: are tickets being used? and I may bite, but would it be possible to refactor the executables so we don't repeat that much code over and over!?

obviously it makes sense to wait after 497 for this, since otherwise that's quite a rebase burden. I'm also fine to pioneer the refactoring myself (in August).

[art-w]

Thanks, I didn't realize the example could be simplified to get rid of tickets and redundant bits! I like that this test is self-contained, but I may have gone too far: Should I had some cmdliner options to define the proxy and target server?

[art-w]

Thanks for the review!

tls-eio already supported this, as the client/server are using two-way Flow as input and output. For tls-async, I added a commit to allow clients to skip the Tcp.connect step, and use existing Reader/Writer instead.

Considering the code organization, it was easy to also support server over channels instead of file descriptors... Although I don't personally have a use-case for this :)

(I've already rebased this PR to get rid of Cstructs in anticipation of #497 , so it shouldn't be a burden to update it once #497 is merged)

[hannesm]

This should be rebased on top of main (#497 got merged). I still haven't reviewed in much detail, and am a bit hesitant to merge.

[hannesm]

This should be rebased on top of main (#497 got merged). I still haven't reviewed in much detail, and am a bit hesitant to merge.

Actually, once rebased and the review comments are cleared, it is fine to merge.

[hannesm]

I rebased, and when CI is happy I plan to merge & release.

[art-w]

Thanks a ton! (again sorry for the late reply, I was on break without internet)