Document the revert of the proper reporting of an unexpected EOF

CHANGES

@@ -9,6 +9,13 @@
 
  Changes between 1.1.1e and 1.1.1f [xx XXX xxxx]
 
+  *) Revert the change of EOF detection while reading in libssl to avoid
+     regressions in applications depending on the current way of reporting
+     the EOF. As the existing method is not fully accurate the change to
+     reporting the EOF via SSL_ERROR_SSL is kept on the current development
+     branch and will be present in the 3.0 release.
+     [Tomas Mraz]
+
   *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
      when primes for RSA keys are computed.
      Since we previously always generated primes == 2 (mod 3) for RSA keys,

NEWS

@@ -7,12 +7,14 @@
 
   Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development]
 
-      o
+      o Revert the unexpected EOF reporting via SSL_ERROR_SSL
 
   Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
 
       o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
         used in exponentiation with 512-bit moduli (CVE-2019-1551)
+      o Properly detect unexpected EOF while reading in libssl and report
+        it via SSL_ERROR_SSL
 
   Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
 

doc/man3/SSL_get_error.pod

@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not be called.
 
 =back
 
+=head1 BUGS
+
+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
+it is truly a TLS protocol error to terminate the connection without
+a SSL_shutdown().
+
+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
+which choose to ignore this protocol error depend on the existing way of
+reporting the error.
+
 =head1 SEE ALSO
 
 L<ssl(7)>