From f1e1c8b98a403a433accbd1976debe59e502df05 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Tue, 3 Jun 2025 11:54:40 +0200
Subject: [PATCH] tls BIOs: handle BIO_CTRL_EOF correctly

Needs to return 1 if EOF from underlying filter has been seen.

Fixes #17471
Reported-by: Michael Kaufmann
Closes #17526
---
 lib/vtls/openssl.c | 6 ++++--
 lib/vtls/wolfssl.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 6907840886..0ce09ca06b 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -698,9 +698,11 @@ static long ossl_bio_cf_ctrl(BIO *bio, int cmd, long num, void *ptr)
     ret = 1;
     break;
 #ifdef BIO_CTRL_EOF
-  case BIO_CTRL_EOF:
+  case BIO_CTRL_EOF: {
     /* EOF has been reached on input? */
-    return !cf->next || !cf->next->connected;
+    struct ssl_connect_data *connssl = cf->ctx;
+    return connssl->peer_closed;
+  }
 #endif
   default:
     ret = 0;
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index a19b137092..9c6f518260 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -299,9 +299,11 @@ static long wssl_bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr)
     ret = 1;
     break;
 #ifdef WOLFSSL_BIO_CTRL_EOF
-  case WOLFSSL_BIO_CTRL_EOF:
+  case WOLFSSL_BIO_CTRL_EOF: {
     /* EOF has been reached on input? */
-    return !cf->next || !cf->next->connected;
+    struct ssl_connect_data *connssl = cf->ctx;
+    return connssl->peer_closed;
+  }
 #endif
   default:
     ret = 0;
-- 
2.47.2