diff --git a/ChangeLog.d/bugfix_type_limit_warning_ssl_context_info.txt b/ChangeLog.d/bugfix_type_limit_warning_ssl_context_info.txt
new file mode 100644
index 000000000000..5a9d2623ba74
--- /dev/null
+++ b/ChangeLog.d/bugfix_type_limit_warning_ssl_context_info.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * read_next_b64_code() isn't correctly checking against EOF because it checks against 'char' rather than 'int'. This is identified via type-limit warning reported by gcc.
+     Reported and fix contributed by naynajain in #3449.
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 9bea31c69024..fb870c86bd7f 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -379,13 +379,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len )
     int valid_balance = 0;  /* balance between valid and invalid characters */
     size_t len = 0;
     char pad = 0;
-    char c = 0;
+    int c = 0;
 
     while( EOF != c )
     {
         char c_valid = 0;
 
-        c = (char) fgetc( b64_file );
+        c = fgetc( b64_file );
 
         if( pad > 0 )
         {