From 1e53154792a1d188cc29b7c78433913f34714912 Mon Sep 17 00:00:00 2001
From: Dave Watson
Date: Fri, 13 Jan 2017 10:32:13 -0800
Subject: [PATCH] Add AsyncSSLSocket option to turn off transparent tls
Summary: Folly parts of D4383906.
Reviewed By: plapukhov
Differential Revision: D4387254
fbshipit-source-id: 3c039720c88c91b7292d60a85272dd1978510296
---
 folly/io/async/AsyncSSLSocket.cpp | 2 ++
 folly/io/async/AsyncSocket.cpp | 6 ++++++
 folly/io/async/AsyncSocket.h | 9 +++++++++
 3 files changed, 17 insertions(+)
diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index cb4b96d2..4b9f3173 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -225,6 +225,7 @@ AsyncSSLSocket::AsyncSSLSocket(const shared_ptr& ctx,
 ctx_(ctx),
 handshakeTimeout_(this, evb),
 connectionTimeout_(this, evb) {
+ noTransparentTls_ = true;
 init();
 if (server) {
 SSL_CTX_set_info_callback(ctx_->getSSLCtx(),
@@ -653,6 +654,7 @@ void AsyncSSLSocket::connect(ConnectCallback* callback,
 assert(!server_);
 assert(state_ == StateEnum::UNINIT);
 assert(sslState_ == STATE_UNINIT);
+ noTransparentTls_ = true;
 AsyncSSLSocketConnector *connector =
 new AsyncSSLSocketConnector(this, callback, timeout);
 AsyncSocket::connect(connector, address, timeout, options, bindAddr);
diff --git a/folly/io/async/AsyncSocket.cpp b/folly/io/async/AsyncSocket.cpp
index bdae6326..6395ef58 100644
--- a/folly/io/async/AsyncSocket.cpp
+++ b/folly/io/async/AsyncSocket.cpp
@@ -471,6 +471,12 @@ void AsyncSocket::connect(ConnectCallback* callback,
 }
 int AsyncSocket::socketConnect(const struct sockaddr* saddr, socklen_t len) {
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(fd_, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
 int rv = fsp::connect(fd_, saddr, len);
 if (rv < 0) {
 auto errnoCopy = errno;
diff --git a/folly/io/async/AsyncSocket.h b/folly/io/async/AsyncSocket.h
index 8917a6d6..e4f01a4d 100644
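Review bot: `noTransparentTls_ = true;` is assigned in this constructor body and then assigned again at the top of `AsyncSSLSocket::connect` in the second hunk, and nothing in either hunk says why both are needed. If the second assignment exists because AsyncSSLSocket has other constructors that do not run this body, a one-line comment at the connect() site, e.g. `// Also set here: not every AsyncSSLSocket constructor goes through the ctor that sets this.`, would stop a later reader from deleting one of the two as redundant. Setting the flag once inside `init()`, which this constructor calls on the very next line, would give a single point of truth, but init()'s body and the other constructors are outside this diff, so confirm every construction path reaches it before consolidating. The constructor's initialiser list starts before the hunk and its body continues past it.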
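Review bot: The opt-out is applied only inside `socketConnect`, so any connect path that does not pass through this function would leave kernel transparent TLS active underneath the socket's own TLS; the `tfoEnabled_`/`tfoAttempted_` members sitting next to the new flag in AsyncSocket.h suggest a TCP Fast Open path that may defer the kernel connect, which I cannot confirm from this diff but which would be exactly such a path, and if so the setsockopt belongs right after the fd is created rather than here. Discarding the `setsockopt` return value also hides the one outcome worth seeing, an unexpected errno on a kernel that does implement the option; keeping the call best-effort but recording the failure at verbose log level, e.g. `if (setsockopt(fd_, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0) != 0) { /* verbose-log errno here; still continue */ }`, preserves the intended behaviour while making a misconfigured host diagnosable. Minor: this file guards with `#if __linux__` while the header hunk uses `#if defined __linux__`; the two spellings are equivalent but picking one avoids a reader wondering whether they differ. The rest of socketConnect's body continues past the hunk.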
--- a/folly/io/async/AsyncSocket.h
+++ b/folly/io/async/AsyncSocket.h
@@ -64,6 +64,10 @@ namespace folly {
 * responding and no further progress can be made sending the data.
 */
+#if defined __linux__ && !defined SO_NO_TRANSPARENT_TLS
+#define SO_NO_TRANSPARENT_TLS 200
+#endif
+
 #ifdef _MSC_VER
 // We do a dynamic_cast on this, in
 // AsyncTransportWrapper::getUnderlyingTransport so be safe and
@@ -562,6 +566,10 @@ class AsyncSocket : virtual public AsyncTransportWrapper {
 #endif
 }
+ void disableTransparentTls() {
+ noTransparentTls_ = true;
+ }
+
 enum class StateEnum : uint8_t {
 UNINIT,
 CONNECTING,
@@ -949,6 +957,7 @@ class AsyncSocket : virtual public AsyncTransportWrapper {
 bool tfoEnabled_{false};
 bool tfoAttempted_{false};
 bool tfoFinished_{false};
+ bool noTransparentTls_{false};
 std::unique_ptr evbChangeCb_{nullptr};
 };
-- 
2.34.1
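Review bot: The fallback `#define SO_NO_TRANSPARENT_TLS 200` carries no comment saying where the number comes from, and to my knowledge 200 is not a `SOL_SOCKET` option in the upstream Linux headers, so this diff is relying on a kernel that is not identified anywhere on the page. Two consequences follow that a reader of the header cannot currently see: on a stock kernel the setsockopt in AsyncSocket.cpp simply fails (harmlessly, given the caller ignores errors), and if upstream ever assigns 200 to some other socket option the call would set that option instead, with a null value and zero length. A provenance comment above the define would make both reviewable, e.g. `// Value of the out-of-tree kernel option that opts a socket out of transparent TLS; not present in upstream uapi headers, so the setsockopt using it is best-effort. Verify against the kernel headers actually shipped.`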
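Review bot: `disableTransparentTls()` is a new public setter with no documentation and no statement of when it must be called, yet as far as this diff shows the flag is read only in `socketConnect` (AsyncSocket.cpp hunk), so calling it after `connect()` has been issued does nothing and it is a no-op on non-Linux builds. A doc comment above it along the lines of `/** Opt this socket out of kernel transparent TLS (Linux only). Must be called before connect(); has no effect once the connect has been issued. */` would state the contract callers need. The `noTransparentTls_{false}` member in the third hunk sits among the undocumented tfo* flags; a short trailing `// set by disableTransparentTls(); consumed in socketConnect()` there would match the surrounding style and tie the two ends together. The class body continues on both sides of each hunk.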