Move all OpenSSL/GnuTLS operations into a TLS thread
We should move all OpenSSL and GnuTLS usage into a separate TLS thread, as discussed in #39. This will allow us to solve the following problems:
- It's currently very difficult to add support for TLS 1.3 post-handshake authentication with GnuTLS (#39), due to complicated threadsafety issues.
- It's currently very difficult to add support for TLS alerts with GnuTLS, for similar reason (#65).
- This would allow us to remove the handshake thread (it would be replaced with the TLS thread), greatly simplifying the trickiest portions of our code.
- I've identified several threadsafety issues in our current code where variables may be accessed in different threads simultaneously without protection. Such issues can be greatly reduced by this refactor, and the rest fixed.
- Most importantly: the current OpenSSL backend does not maintain the threadsafety guarantees promised by GIOStream. We need to guarantee that GTlsConnection methods can be called on two threads simultaneously: a reader thread and a writer thread. Until 2017, the OpenSSL documentation incorrectly implied that it was safe to use the SSL object on multiple threads at the same time, and the current code assumes this. But it was never true.
- November 2021 update: we also need this to fix cancellation of handshake operations, see #97 (closed) and #176 (closed).
This refactor address five different problems all at once.
Edited by Michael Catanzaro