From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id DD1DF1F462; Fri, 24 May 2019 11:44:13 +0000 (UTC) Date: Fri, 24 May 2019 11:44:13 +0000 From: Eric Wong To: "Eric W. Biederman" Cc: meta@public-inbox.org Subject: TLS support and event loops Message-ID: <20190524114413.GA30724@dcvr> References: <87h89tzvp5.fsf@xmission.com> <20190518080300.q2klxia2uymnoxyi@dcvr> <87blzzu7d9.fsf@xmission.com> <20190518213951.ficerfsawms4z7dh@dcvr> <87woimpb09.fsf@xmission.com> <20190519220417.ejyqwyy6xwkq6lts@dcvr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190519220417.ejyqwyy6xwkq6lts@dcvr> List-Id: Eric Wong wrote: > "Eric W. Biederman" wrote: > > Oh that and IO::Socket::SSL. Something that is currently missing (or > > at least missing until recently I haven't check in the last couple of > > months) is ssl support for our nntp sockets. So do imap or prevent > > mischief for our nntp streams we need to use tls. Which IO::Socket::SSL > > seems to do. > > Yup, IO::Socket::SSL will be what we use for STARTTLS support, > not sure when I'll get around to it. > > Fwiw, it's also used by Perlbal for non-blocking HTTPS with > Danga::Socket. I plan on keeping PublicInbox::DS close to > Danga::Socket, for now[1])... > > Using the TLS support in the kernel might be a fun option to > add, too; but portable stuff, first. > [1] I've also been thinking about making PublicInbox::DS switch > to EPOLLONESHOT/EV_ONESHOT to map better to my mind when > distinguishing between SSL_ERROR_WANT_READ/WRITE.. And it > would give me an excuse to pick up and dogfood an epoll API > to reduce syscall overhead: > https://lore.kernel.org/lkml/1393206162-18151-1-git-send-email-n1ght.4nd.d4y@gmail.com/ Or the userspace pollable epoll stuff: https://lore.kernel.org/lkml/20190516085810.31077-1-rpenyaev@suse.de/ But yeah, I think the first step would be to convert to EPOLLONESHOT or EPOLLET to simplify socket state management. That should make dealing with non-blocking OpenSSL easier. Fwiw, I never understood the appeal of level-triggering or the "reactor pattern", but that's what everybody else seems to pick for event loops.