Switch to non-blocking SSL

Summary:
OpenSSL/BoringSSL don't support TLS connection handshake timeout for blocking sockets. Not honoring the timeout could lead to hodling `SslAcceptorContext::lock` reader lock before sslaccept, which would block any thing that takes writer lock, and the only case seems to be `alter instance reload tls`. This leads to instance lock up and dead master promotions. This fixes it by switching to non-blocking SSL before sslaccept.

Reference Patch: facebook@3dee035
Reference Patch: facebook@b3757d0231f

Differential Revision: D21616047

fbshipit-source-id: aa0532c21e9

vio/viossl.cc

@@ -751,6 +751,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
 int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
               unsigned long *ssl_errno_holder) {
   DBUG_TRACE;
+  vio_set_blocking(vio, false);
   int ret =
       ssl_do(ptr, vio, timeout, nullptr, SSL_accept, ssl_errno_holder, nullptr);
   return ret;
@@ -760,6 +761,10 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
                SSL_SESSION *ssl_session, unsigned long *ssl_errno_holder,
                SSL **ssl) {
   DBUG_TRACE;
+  // Setting non blocking mode since openssl/boringssl does not support
+  // timeout with blocking mode on handshake
+  vio_set_blocking(vio, false);
+
   int ret = ssl_do(ptr, vio, timeout, ssl_session, SSL_connect,
                    ssl_errno_holder, ssl);
   return ret;