openssl: set io_need always

When OpenSSL reports SSL_ERROR_WANT_READ, set the io_need explicitly.
It should have already been set by the BIO, but be safe.

Reported in Joshua's sarif data

Closes #18733

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 1048bf5751c1c40a6e101343a439fb9272e38040..d07c1bf773da336749b629032264f2e9926880c1 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5369,6 +5369,7 @@ static CURLcode ossl_recv(struct Curl_cfilter *cf,
         connclose(conn, "TLS close_notify");
       break;
     case SSL_ERROR_WANT_READ:
+      connssl->io_need = CURL_SSL_IO_NEED_RECV;
       result = CURLE_AGAIN;
       goto out;
     case SSL_ERROR_WANT_WRITE: