haproxy

mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-09 06:56:09 +02:00

History

Remi Tricot-Le Breton 495eb7b0e0 MINOR: jwe: Disable 'RSA1_5' algorithm by default in jwt_decrypt converters

In RFC8725, section 3.2, they suggest to "Avoid all RSA-PKCS1 v1.5
encryption algorithms" so this algorithm gets disabled by default.
Tokens having this "alg" won't be decrypted unless it is explicitly
reenabled thanks to 'jwt.decrypt_alg_list' global option.

Thanks to Omkhar Arasaratnam for raising our awareness about this!

2026-05-07 18:00:29 +02:00

build_token.py

BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params)

2023-01-18 16:18:31 +01:00

cert.ecdsa.pem

REGTESTS: jwt: Add test with actual certificate passed to jwt_verify

2025-06-30 17:59:55 +02:00

cert.rsa.pem

REGTESTS: jwt: Add test with actual certificate passed to jwt_verify

2025-06-30 17:59:55 +02:00

ec_decrypt.crt

MINOR: jwt: Manage ec certificates in jwt_decrypt_cert