Maybe we need to investigate non-blocking connect with timeout

[ioquatix]

redis/redis-rb#960 (comment)

[rhenium]

Sorry for the delayed response.

I also noticed this:

          begin
            # Initiate the socket connection in the background. If it doesn't fail
            # immediately it will raise an IO::WaitWritable (Errno::EINPROGRESS)
            # indicating the connection is in progress.
            # Unlike waiting for a tcp socket to connect, you can't time out ssl socket
            # connections during the connect phase properly, because IO.select only partially works.
            # Instead, you have to retry.
            ssl_sock.connect_nonblock
          rescue Errno::EAGAIN, Errno::EWOULDBLOCK, IO::WaitReadable
            if ssl_sock.wait_readable(timeout)
              retry
            else
              raise TimeoutError
            end
          rescue IO::WaitWritable
            if ssl_sock.wait_writable(timeout)
              retry
            else
              raise TimeoutError
            end
          end

I don't have time to investigate WHY this was a problem previously, but I don't know if the retry is needed or not.

I may be missing the point, but it's usually necessary to call #connect_nonblock more than twice since a TLS handshake typically takes 2 RTT. The timeout value should be handled better, though, similarly to how net/* stdlib does.

https://github.com/ruby/net-protocol/blob/8ecb835677e79011bbf470de20fdb9f4b2d6f833/lib/net/protocol.rb#L40-L56

[rhenium]

I don't get what exactly was the question, but ruby-openssl should not block at all if the application uses *_nonblock variant all the time.

I'm closing this issue.