From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 25 Sep 2025 11:31:17 +0000 (+0200)
Subject: openssl: set io_need always
X-Git-Tag: rc-8_17_0-1~233
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=442943fb8e9a0e7bd9ae0e5976e4e52792af9739;p=thirdparty%2Fcurl.git

openssl: set io_need always

When OpenSSL reports SSL_ERROR_WANT_READ, set the io_need explicitly.
It should have already been set by the BIO, but be safe.

Reported in Joshua's sarif data

Closes #18733
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 1048bf5751..d07c1bf773 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5369,6 +5369,7 @@ static CURLcode ossl_recv(struct Curl_cfilter *cf,
         connclose(conn, "TLS close_notify");
       break;
     case SSL_ERROR_WANT_READ:
+      connssl->io_need = CURL_SSL_IO_NEED_RECV;
       result = CURLE_AGAIN;
       goto out;
     case SSL_ERROR_WANT_WRITE: