wolfssl: fix possible assert with !HAVE_NO_EX wolfSSL builds

Without this option `wolfSSL_get_app_data()` always returns NULL. Disable codepaths using it (and its `set` pair) when curl is built against a wolfSSL library with this option missing. Fixing: ``` curl: ../../lib/vtls/wolfssl.c:486: wssl_vtls_new_session_cb: Assertion `cf != ((void *)0)' failed. ``` wolfSSL can be built with the `--enable-context-extra-user-data` or `-DWOLFSSL_EX_DATA` option to enable this feature. Some higher-level features also enable it automatically like QUIC, ASIO. Reported-by: Yedaya Katsman Bug: https://github.com/curl/curl/pull/19816#issuecomment-3606447845 Ref: https://github.com/curl/curl/actions/runs/19871780796/job/56949160740 Closes #19852
2026-04-15 00:41:41 +03:00 · 2025-12-05 14:53:35 +01:00 · 2025-12-05 14:53:35 +01:00 · cc5c1553fb
commit cc5c1553fb
parent a3f4fd25d3
2 changed files with 10 additions and 0 deletions
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@ -414,6 +414,7 @@ static void wssl_bio_cf_free_methods(void)

 #endif /* !USE_BIO_CHAIN */

+#ifdef HAVE_EX_DATA
 CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
                                 struct Curl_easy *data,
                                 const char *ssl_peer_key,
@ -497,6 +498,7 @@ static int wssl_vtls_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
  }
  return 0;
 }
+#endif

 static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf,
                                      struct Curl_easy *data,
@ -1260,10 +1262,12 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
  }
 #endif

+#ifdef HAVE_EX_DATA
  if(Curl_ssl_scache_use(cf, data) && (transport != TRNSPRT_QUIC)) {
    /* Register to get notified when a new session is received */
    wolfSSL_CTX_sess_set_new_cb(wctx->ssl_ctx, wssl_vtls_new_session_cb);
  }
+#endif

  if(cb_setup) {
    result = cb_setup(cf, data, cb_user_data);
@ -1304,7 +1308,11 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
    goto out;
  }

+#ifdef HAVE_EX_DATA
  wolfSSL_set_app_data(wctx->ssl, ssl_user_data);
+#else
+  (void)ssl_user_data;
+#endif
 #ifdef WOLFSSL_QUIC
  if(transport == TRNSPRT_QUIC)
    wolfSSL_set_quic_use_legacy_codepoint(wctx->ssl, 0);
--- a/lib/vtls/wolfssl.h
+++ b/lib/vtls/wolfssl.h
@ -75,6 +75,7 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    struct wssl_ctx *wssl);

+#ifdef HAVE_EX_DATA
 CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
                                 struct Curl_easy *data,
                                 const char *ssl_peer_key,
@ -83,6 +84,7 @@ CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
                                 const char *alpn,
                                 unsigned char *quic_tp,
                                 size_t quic_tp_len);
+#endif

 CURLcode Curl_wssl_verify_pinned(struct Curl_cfilter *cf,
                                 struct Curl_easy *data,