Matt Caswell

I've rebased this on top of the latest version of #19734. As soon as that one goes in we can get this one reviewed.

I've rebased this now that #19734 has been merged. It is now ready for review.

> ubsan CI is relevant. Fixed (hopefully).

The one CI failure is not relevant. Ping for reviews.

@t8m and @hlandau - Fixup pushed addressing the nits. I've also added a commit to remove the `user_ssl` field which is now no longer used. Please take another look.

The 2 CI failures are unrelated. Pushed. Thanks for the reviews.

Closing since this is marked as resolved.

Wouldn't this impact non-blocking sockets too? I've not tried it, but I'm not sure what is special about blocking sockets in this scenario - except of course for non-blocking sockets...

> Getting an SSL_ERROR_WANT_WRITE should not prevent us from calling SSL_read() if we know we can read data. I'm not sure if we currently will then process that data. Don't...

> For application protocols where the server never writes, the client may also never call SSL_read, so it wouldn't pick up the ticket anyway. Well, that's not entirely true -...