Use nonblocking IO for SSL socket connect.

Attempting to use SSL when the server isn't configured this way will
lead to the connection hanging forever.  By using nonblocking IO we
can respect a timeout.

fixes #835

Author: esiegel

lib/redis/connection/ruby.rb

@@ -266,7 +266,28 @@ def self.connect(host, port, timeout, ssl_params)
 
           ssl_sock = new(tcp_sock, ctx)
           ssl_sock.hostname = host
-          ssl_sock.connect
+
+          begin
+            # Initiate the socket connection in the background. If it doesn't fail
+            # immediately it will raise an IO::WaitWritable (Errno::EINPROGRESS)
+            # indicating the connection is in progress.
+            # Unlike waiting for a tcp socket to connect, you can't time out ssl socket
+            # connections during the connect phase properly, because IO.select only partially works.
+            # Instead, you have to retry.
+            ssl_sock.connect_nonblock
+          rescue Errno::EAGAIN, Errno::EWOULDBLOCK, IO::WaitReadable
+            if IO.select([ssl_sock], nil, nil, timeout)
+              retry
+            else
+              raise TimeoutError
+            end
+          rescue IO::WaitWritable
+            if IO.select(nil, [ssl_sock], nil, timeout)
+              retry
+            else
+              raise TimeoutError
+            end
+          end
 
           unless ctx.verify_mode == OpenSSL::SSL::VERIFY_NONE
             ssl_sock.post_connection_check(host)

test/ssl_test.rb

@@ -6,6 +6,13 @@ class SslTest < Minitest::Test
 
   driver(:ruby) do
 
+    def test_connection_to_non_ssl_server
+      assert_raises(Redis::CannotConnectError) do
+        redis = Redis.new(OPTIONS.merge(ssl: true))
+        redis.ping
+      end
+    end
+
     def test_verified_ssl_connection
       RedisMock.start({ :ping => proc { "+PONG" } }, ssl_server_opts("trusted")) do |port|
         redis = Redis.new(:port => port, :ssl => true, :ssl_params => { :ca_file => ssl_ca_file })