> That sample code is where my code changes came from
Please look closer at the example code in IO::Socket::SSL you've based your code from. The example code is specifically dealing with the case that there are still buffered data (using pending) before calling can_read again. Your code misses this part. While the code then will work for cases where each websocket frame is in its own SSL frame it will spuriously fail in case multiple websocket frame are contained in one SSL frame.
> Before I made the change, it would get caught in a loop without reading any new data, I'm guessing because SSL needed to be renegotiated like I read in the doc I did find...
In your first code you made the socket non-blocking but then did not check for the socket to be readable at all (can_read) and instead run a busy loop where it always tried to read from the socket and most times immediately failed with EAGAIN since no data where available on the socket. Adding the can_read fixed this but introduced the problem that you don't deal properly with multiple websocket frames inside a single SSL frame. The part about renegotiation instead (i.e. dealing with SSL_WANT_WRITE) is probably unused in most cases since usually no renegotiation will happen on the socket.