git.kaiwu.me - haproxy.git/commit

author	Remi Tricot-Le Breton <rlebreton@haproxy.com>
	Tue, 10 Mar 2026 13:11:55 +0000 (14:11 +0100)
committer	William Lallemand <wlallemand@haproxy.com>
	Tue, 10 Mar 2026 13:20:42 +0000 (14:20 +0100)
commit	e34b633be3f0ae092b078b6c6f096b5f67b1e8ea
tree	d17fb101e5ea20020df10d7063fb6dee28a401a3	tree \| snapshot
parent	1babe8cb1b00586112f88231ee5f9526fb780a14	commit \| diff

MINOR: jwt: Improve 'jwt_tokenize' function

The 'jwt_tokenize' function that can be used to split a JWT token into
its subparts can either fully process the token (from beginning to end)
when we need to check its signature, or only partially when using the
jwt_header_query or jwt_member_query converters. In this case we relied
on the fact that the return value of the 'jwt_tokenize' function was not
checked because a '-1' was returned (which was not actually an error).

In order to make this logic more explicit, the 'jwt_tokenize' function
now has a way to warn the caller that the token was invalid (less
subparts than the specified 'item_num') or that the token was not
processed in full (enough subparts found without parsing the token all
the way).
The function will now only return 0 if we found strictly the same number
of subparts as 'item_num'.

include/haproxy/jwt.h		diff \| blob \| history
reg-tests/jwt/jws_verify.vtc		diff \| blob \| history
src/jwe.c		diff \| blob \| history
src/jwt.c		diff \| blob \| history
src/sample.c		diff \| blob \| history