[openssl-dev] How to use BIO_do_connect(), blocking and non-blocking with timeout, coping with errors

[Salz, Rich]

    Getting the client connect right appears surprisingly messy when one
    needs to cope with all kinds of network error situations including
    domain name resolution issues and temporarily unreachable servers.
    Both indefinitely blocking and non-blocking behavior (i.e., connection
    attempts with and without a timeout) should be supported.
    

It is a complicated issue and hard to get right for all definitions of right for all applications ☺

A set of API’s that set up all the TLS “metadata”, and took a connected socket might be a way through the maze.  For example:
    SSL *SSL_connection(int socket, const char *servername, …whatever…)