From f87c5e20b21f338e520d97f17f52aedb8bd90ce5 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 11 Feb 2026 22:27:51 +0000
Subject: [PATCH] SSL data read before error results in successful read.

---
 nsock/src/nsock_core.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/nsock/src/nsock_core.c b/nsock/src/nsock_core.c
index d153600c1..371c8ca86 100644
--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -706,6 +706,7 @@ static int do_actual_read(struct npool *ms, struct nevent *nse) {
   } else {
 #if HAVE_OPENSSL
     /* OpenSSL read */
+    ERR_clear_error();
     while ((buflen = SSL_read(iod->ssl, buf, sizeof(buf))) > 0) {
 
       if (fs_cat(&nse->iobuf, buf, buflen) == -1) {
@@ -741,14 +742,24 @@ static int do_actual_read(struct npool *ms, struct nevent *nse) {
           /* EOF because of close_notify */
           buflen = 0;
           break;
+        case SSL_ERROR_SSL:
+          /* On an unexpected EOF, the returned error is SSL_ERROR_SSL with a
+           * SSL_R_UNEXPECTED_EOF_WHILE_READING on the error stack */
+          if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_peek_error()) {
+            buflen = 0;
+            break;
+          }
         default:
           assert(err != SSL_ERROR_NONE);
           /* Unexpected error */
           nse->event_done = 1;
           nse->status = NSE_STATUS_ERROR;
           nse->errnum = EIO;
-          nsock_log_info("SSL_read() failed for reason %s on NSI %li",
-              ERR_error_string(err, NULL), iod->id);
+          nsock_log_info("SSL_read() failed for reason %d on NSI %li",
+              err, iod->id);
+          while (err = ERR_get_error()) {
+            nsock_log_info("Additional SSL error: %s", ERR_error_string(err, NULL));
+          }
           return -1;
       }
     }