AsyncSSLSocket StartTLS
Summary:
Adds a StartTLS mode to AsyncSSLSocket. Previously I could only find anyone doing something like this by using AsyncSocket, calling detachFd, then creating a new AsyncSSLSocket, and calling sslConn/sslAccept.
That had a couple downsides: 1) All pointers to the previous AsyncSocket become invalid and similarly 2) have to be super careful reads/writes happen on the correct socket, are flushed before changing socket types, etc.
This makes it super easy to just use the same AsyncSSLSocket for everything:
a) Create AsyncSSLSocket in StartTLS mode
b) send/recv anything
c) Call sslAccept/sslConn. Existing writes are still flushed in the correct order, any additional writes are buffered until handshake completes
d) Start receiving encrypted data.
I made it a new mode (vs. the default), since it seems bad to unintentionally send unencrypted data.
Use case is easy secure thrift upgrade (similar to how current kerberos does it)
Test Plan: New unittest
Reviewed By: afrind@fb.com
Subscribers: doug, ssl-diffs@, folly-diffs@, yfeldblum, chalfant, haijunz, andrewcox, alandau, alikhtarov, jsedgwick, simpkins
FB internal diff:
D2120114
Signature: t1:
2120114:
1433798448:
caeddc8feb6cc10fb34200ba97ea323bcaf09f7a
projects / folly.git / commit