Nick Mathewson authored Mar 29, 2019 and teor committed Apr 06, 2019

Diagnostic for 29241.

Fixes bug 27782; bugfix on 0.3.5.1-alpha

Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.

This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't.  To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.

Closes ticket 27289.

This function tells the underlying TLS object that it shouldn't
close the fd on exit.  Mostly, we hope not to have to use it, since
the NSS implementation is kludgey, but it should allow us to fix

Fun fact: PR_Close leaks memory if its socket is not valid.

The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.

This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.

This is enough to get a chutney network to bootstrap, though a bunch
of work remains.

7 unit tests are failing at this point, but they're all TLS-related.

We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2

Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.