diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt
new file mode 100644
index 000000000000..403b76eaf5c8
--- /dev/null
+++ b/ChangeLog.d/bugfix_3794.txt
@@ -0,0 +1,3 @@
+Bugfix
+  * Fix handling of EOF against 0xff bytes and on platforms with
+    unsigned chars. Fixes #3794.
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index df8819a80439..d109c1e6f7a5 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -377,13 +377,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len )
     int valid_balance = 0;  /* balance between valid and invalid characters */
     size_t len = 0;
     char pad = 0;
-    char c = 0;
+    int c = 0;
 
     while( EOF != c )
     {
         char c_valid = 0;
 
-        c = (char) fgetc( b64_file );
+        c = fgetc( b64_file );
 
         if( pad > 0 )
         {