Yeah, the pattern for doing non-blocking I/O with select() is
different for SSL-wrapped sockets: You always have to try the
potentially-blocking operation first, and then call select() and
retry in response to SSL_ERROR_WANT_READ/WRITE. (You can also check
SSL_pending(), but I don't think you really have to.) Also, unlike
normal sockets, SSL-wrapped sockets *must* be set non-blocking.
I can see how this pattern might not play nicely with asyncore. But
I think this is a separate (though related) issue from the one I
reported. As it's currently implemented, the ssl module provides no
way of wrapping a socket without (potentially) blocking during the
handshake, making it unusable by Twisted or any other package that
requires all I/O to be non-blocking. Moving the handshaking into a
separate method solves this problem.