From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id DD1DF1F462;
	Fri, 24 May 2019 11:44:13 +0000 (UTC)
Date: Fri, 24 May 2019 11:44:13 +0000
From: Eric Wong <e@80x24.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: meta@public-inbox.org
Subject: TLS support and event loops
Message-ID: <20190524114413.GA30724@dcvr>
References: <87h89tzvp5.fsf@xmission.com>
 <20190518080300.q2klxia2uymnoxyi@dcvr>
 <87blzzu7d9.fsf@xmission.com>
 <20190518213951.ficerfsawms4z7dh@dcvr>
 <87woimpb09.fsf@xmission.com>
 <20190519220417.ejyqwyy6xwkq6lts@dcvr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190519220417.ejyqwyy6xwkq6lts@dcvr>
List-Id: <meta.public-inbox.org>

Eric Wong <e@80x24.org> wrote:
> "Eric W. Biederman" <ebiederm@xmission.com> wrote:
> > Oh that and IO::Socket::SSL.  Something that is currently missing  (or
> > at least missing until recently I haven't check in the last couple of
> > months) is ssl support for our nntp sockets.  So do imap or prevent
> > mischief for our nntp streams we need to use tls.  Which IO::Socket::SSL
> > seems to do.
> 
> Yup, IO::Socket::SSL will be what we use for STARTTLS support,
> not sure when I'll get around to it.
> 
> Fwiw, it's also used by Perlbal for non-blocking HTTPS with
> Danga::Socket.  I plan on keeping PublicInbox::DS close to
> Danga::Socket, for now[1])...
> 
> Using the TLS support in the kernel might be a fun option to
> add, too; but portable stuff, first.

> [1] I've also been thinking about making PublicInbox::DS switch
>     to EPOLLONESHOT/EV_ONESHOT to map better to my mind when
>     distinguishing between SSL_ERROR_WANT_READ/WRITE..  And it
>     would give me an excuse to pick up and dogfood an epoll API
>     to reduce syscall overhead:
>     https://lore.kernel.org/lkml/1393206162-18151-1-git-send-email-n1ght.4nd.d4y@gmail.com/

Or the userspace pollable epoll stuff:
     https://lore.kernel.org/lkml/20190516085810.31077-1-rpenyaev@suse.de/

But yeah, I think the first step would be to convert to
EPOLLONESHOT or EPOLLET to simplify socket state management.
That should make dealing with non-blocking OpenSSL easier.

Fwiw, I never understood the appeal of level-triggering or the
"reactor pattern", but that's what everybody else seems to
pick for event loops.