getinfo: repair CURLINFO_TLS_SESSION

This should return a SSL_CTX pointer but it was accidentally broken. Verify with test 1587 Follow-up to 2db8ae480f Spotted by Codex Security Closes #21290
2026-04-14 18:31:42 +03:00 · 2026-04-10 15:50:17 +02:00 · 2026-04-10 15:50:17 +02:00 · 3e40ccb875
commit 3e40ccb875
parent 935e1f9963
7 changed files with 168 additions and 10 deletions
--- a/lib/cfilters.c
+++ b/lib/cfilters.c
@ -676,14 +676,16 @@ bool Curl_conn_is_ssl(struct connectdata *conn, int sockindex)

 bool Curl_conn_get_ssl_info(struct Curl_easy *data,
                            struct connectdata *conn, int sockindex,
+                            int query,
                            struct curl_tlssessioninfo *info)
 {
  if(!CONN_SOCK_IDX_VALID(sockindex))
    return FALSE;
  if(Curl_conn_is_ssl(conn, sockindex)) {
    struct Curl_cfilter *cf = conn->cfilter[sockindex];
-    CURLcode result = cf ? cf->cft->query(cf, data, CF_QUERY_SSL_INFO,
-                               NULL, (void *)info) : CURLE_UNKNOWN_OPTION;
+    CURLcode result = cf ?
+      cf->cft->query(cf, data, query, NULL, (void *)info) :
+      CURLE_UNKNOWN_OPTION;
    return !result;
  }
  return FALSE;
--- a/lib/cfilters.h
+++ b/lib/cfilters.h
@ -394,12 +394,13 @@ bool Curl_conn_is_ip_connected(struct Curl_easy *data, int sockindex);
 bool Curl_conn_is_ssl(struct connectdata *conn, int sockindex);

 /*
- * Fill `info` with information about the TLS instance securing
- * the connection when available, otherwise e.g. when
- * Curl_conn_is_ssl() is FALSE, return FALSE.
+ * Fill `info` with information about the TLS instance securing the connection
+ * when available, otherwise e.g. when Curl_conn_is_ssl() is FALSE, return
+ * FALSE. 'query' should be CF_QUERY_SSL_INFO or CF_QUERY_SSL_CTX_INFO.
 */
 bool Curl_conn_get_ssl_info(struct Curl_easy *data,
                            struct connectdata *conn, int sockindex,
+                            int query,
                            struct curl_tlssessioninfo *info);

 CURLcode Curl_conn_get_ip_info(struct Curl_easy *data,
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@ -586,6 +586,8 @@ static CURLcode getinfo_slist(struct Curl_easy *data, CURLINFO info,
    break;
  case CURLINFO_TLS_SESSION:
  case CURLINFO_TLS_SSL_PTR: {
+    int query = (info == CURLINFO_TLS_SSL_PTR) ?
+      CF_QUERY_SSL_INFO : CF_QUERY_SSL_CTX_INFO;
    struct curl_tlssessioninfo **tsip = (struct curl_tlssessioninfo **)
      param_slistp;
    struct curl_tlssessioninfo *tsi = &data->tsi;
@ -593,7 +595,7 @@ static CURLcode getinfo_slist(struct Curl_easy *data, CURLINFO info,
    /* we are exposing a pointer to internal memory with unknown
     * lifetime here. */
    *tsip = tsi;
-    if(!Curl_conn_get_ssl_info(data, data->conn, FIRSTSOCKET, tsi)) {
+    if(!Curl_conn_get_ssl_info(data, data->conn, FIRSTSOCKET, query, tsi)) {
      tsi->backend = Curl_ssl_backend();
      tsi->internals = NULL;
    }
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@ -208,7 +208,7 @@ test1548 test1549 test1550 test1551 test1552 test1553 test1554 test1555 \
 test1556 test1557 test1558 test1559 test1560 test1561 test1562 test1563 \
 test1564 test1565 test1566 test1567 test1568 test1569 test1570 test1571 \
 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 \
-test1580 test1581 test1582 test1583 test1584 test1585 test1586 \
+test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 \
 \
 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 \
 test1598 test1599 test1600 test1601 test1602 test1603 test1604 test1605 \
--- a/tests/data/test1587
+++ b/tests/data/test1587
@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+HTTPS
+CURLINFO_TLS_SESSION
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data crlf="headers" nocheck="yes">
+HTTP/1.1 401 OK
+Date: Tue, 09 Nov 2030 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+WWW-Authenticate: curl2000
+
+nomnom
+</data>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+OpenSSL
+</features>
+<server>
+http
+https
+</server>
+<name>
+CURLINFO_TLS_SESSION and CURLINFO_TLS_SSL_PTR with OpenSSL
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+<command>
+https://%HOSTIP:%HTTPSPORT/
+</command>
+</client>
+
+<verify>
+<stdout mode="text">
+CURLINFO_TLS_SESSION: OK
+CURLINFO_TLS_SSL_PTR: OK
+</stdout>
+</verify>
+
+</testcase>
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@ -96,8 +96,7 @@ TESTS_C = \
  lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c \
  lib1559.c lib1560.c                               lib1564.c lib1565.c \
  lib1567.c lib1568.c lib1569.c           lib1571.c \
-  lib1576.c \
-  lib1582.c \
+  lib1576.c lib1582.c lib1587.c \
  lib1591.c lib1592.c lib1593.c lib1594.c                     lib1597.c \
  lib1598.c lib1599.c \
  lib1662.c \
--- a/tests/libtest/lib1587.c
+++ b/tests/libtest/lib1587.c
@ -0,0 +1,103 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "first.h"
+
+#ifdef USE_OPENSSL
+
+#include <stdio.h>
+#include <curl/curl.h>
+#include <openssl/ssl.h>
+#include <vtls/openssl.h>
+
+#ifdef HAVE_BORINGSSL_LIKE
+/* BoringSSL and AWS-LC */
+typedef uint32_t opt1587;
+#else
+typedef uint64_t opt1587;
+#endif
+
+static size_t write_cb(char *ptr, size_t size, size_t nmemb, void *stream)
+{
+  const struct curl_tlssessioninfo *info;
+  CURLcode result;
+  static int once;
+  CURL *curl = stream;
+  (void)ptr;
+
+  if(!once++) {
+    result = curl_easy_getinfo(curl, CURLINFO_TLS_SESSION, &info);
+
+    if(result == CURLE_OK) {
+      /* set and read stuff using the SSL_CTX to verify it */
+      opt1587 opts = SSL_CTX_get_options(info->internals);
+      SSL_CTX_set_options(info->internals, opts);
+      curl_mprintf("CURLINFO_TLS_SESSION: OK\n");
+    }
+
+    result = curl_easy_getinfo(curl, CURLINFO_TLS_SSL_PTR, &info);
+
+    if(result == CURLE_OK) {
+      /* set and read stuff using the SSL pointer to verify it */
+      opt1587 opts = SSL_get_options(info->internals);
+      SSL_set_options(info->internals, opts);
+      curl_mprintf("CURLINFO_TLS_SSL_PTR: OK\n");
+    }
+  }
+
+  return size * nmemb;
+}
+
+static CURLcode test_lib1587(const char *URL)
+{
+  CURLcode result = curl_global_init(CURL_GLOBAL_ALL);
+  CURL *curl;
+  if(result)
+    return result;
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, URL);
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, curl);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+
+    result = curl_easy_perform(curl);
+    curl_easy_cleanup(curl);
+  }
+
+  curl_global_cleanup();
+
+  return result;
+}
+#else
+/* without OpenSSL this does nothing */
+static CURLcode test_lib1587(const char *URL)
+{
+  (void)URL;
+  return CURLE_OK;
+}
+#endif