From 81abfaa4dfad9a2d5d0f81951fe7710226d8f1dd Mon Sep 17 00:00:00 2001
From: Olivier Houchard <ohouchard@haproxy.com>
Date: Thu, 7 May 2026 18:27:58 +0200
Subject: [PATCH] BUG/MEDIUM: jwe: Fix jwt.decrypt_alg_list to work correctly

Function jwe_parse_global_alg_enc_list() handles both
jwt.decrypt_alg_list and jwd.decrypt_enc_list, but to know which array
to use, between the algorithms and encoding arrays to use, it was
checking the string to see if it matched jwe.supported_algorithms, so it
was always considering we were dealing with encodings, and
jwt.decrypt_alg_list could not possibly work.
Fix that by checking the right string.
---
 src/jwe.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/jwe.c b/src/jwe.c
index d192cfd4c..2b8eafe59 100644
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -2175,11 +2175,11 @@ static int jwe_parse_global_alg_enc_list(char **args, int section_type, struct p
 	if (dup_alg_enc_arrays())
 		goto end;
 
-	if (args[0][14] == 'a') {
-		/* "jwe.supported_algorithms" */
+	if (args[0][12] == 'a') {
+		/* "jwt.decrypt_alg_list" */
 		arr = jwe_algs;
 	} else {
-		/* "jwe.supported_encodings" */
+		/* "jwt.decrypt_enc_list" */
 		arr = jwe_encodings;
 	}