From: Olivier Houchard <ohouchard@haproxy.com>
Date: Thu, 7 May 2026 16:27:58 +0000 (+0200)
Subject: BUG/MEDIUM: jwe: Fix jwt.decrypt_alg_list to work correctly
X-Git-Tag: v3.4-dev11~3
X-Git-Url: http://www.kaiwu.me/sitemap.xml?a=commitdiff_plain;h=81abfaa4dfad9a2d5d0f81951fe7710226d8f1dd;p=haproxy.git

BUG/MEDIUM: jwe: Fix jwt.decrypt_alg_list to work correctly

Function jwe_parse_global_alg_enc_list() handles both
jwt.decrypt_alg_list and jwd.decrypt_enc_list, but to know which array
to use, between the algorithms and encoding arrays to use, it was
checking the string to see if it matched jwe.supported_algorithms, so it
was always considering we were dealing with encodings, and
jwt.decrypt_alg_list could not possibly work.
Fix that by checking the right string.
---

diff --git a/src/jwe.c b/src/jwe.c
index d192cfd4c..2b8eafe59 100644
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -2175,11 +2175,11 @@ static int jwe_parse_global_alg_enc_list(char **args, int section_type, struct p
 	if (dup_alg_enc_arrays())
 		goto end;
 
-	if (args[0][14] == 'a') {
-		/* "jwe.supported_algorithms" */
+	if (args[0][12] == 'a') {
+		/* "jwt.decrypt_alg_list" */
 		arr = jwe_algs;
 	} else {
-		/* "jwe.supported_encodings" */
+		/* "jwt.decrypt_enc_list" */
 		arr = jwe_encodings;
 	}