#ifdef USE_OPENSSL
enum jwt_alg jwt_parse_alg(const char *alg_str, unsigned int alg_len);
int jwt_tokenize(const struct buffer *jwt, struct jwt_item *items, unsigned int *item_num);
-int jwt_tree_load_cert(char *path, int pathlen, const char *file, int line, char **err);
+int jwt_tree_load_cert(char *path, int pathlen, int tryload_cert, const char *file, int line, char **err);
enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer *alg,
const struct buffer *key, int is_x509);
* Parse a public certificate and insert it into the jwt_cert_tree.
* Returns 0 in case of success.
*/
-int jwt_tree_load_cert(char *path, int pathlen, const char *file, int line, char **err)
+int jwt_tree_load_cert(char *path, int pathlen, int tryload_cert, const char *file, int line, char **err)
{
int retval = -1;
struct jwt_cert_tree_entry *entry = NULL;
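Review bot: The header comment above `jwt_tree_load_cert` still documents only "parse and insert" and says nothing about the new `tryload_cert` argument. The flag appears to decide whether a caller-supplied string may be treated as a certificate path to load, so the contract belongs where callers read it. Something like `* When <tryload_cert> is 0, no new certificate is loaded from <path>; a non-zero value is returned if it is not already known.` would do. The exact return value on that path has to be confirmed against the `end` label. That label, the comment opener and the rest of the body are all outside this hunk.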
}
}
+ if (!tryload_cert)
+ goto end;
+
/* Look for an actual certificate or crt-store with the given name.
* If the path corresponds to an actual certificate that was not loaded
* yet we will create the corresponding ckch_store. */
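Review bot: The new `if (!tryload_cert) goto end;` leaves the function without, as far as this hunk shows, writing anything to `*err`. `retval` keeps whatever the preceding code left in it, and the only assignment visible on this page is its initialisation to -1. A caller that passes 0 and then reports the failure could print an empty or stale message. Either confirm that every such caller treats the failure as non-fatal, or set a message before the jump. A short why-comment on the check would also help, e.g. `/* lookup only: do not try to load <path>, it may not name a certificate */`. The code before the check and the `end` label are outside the hunk.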
break;
default:
retval = (jwt_tree_load_cert(args[1].data.str.area, args[1].data.str.data,
- file, line, err) == 0);
+ 0, file, line, err) == 0);
/* The second arg might be an HMAC secret but
* the 'alg' is stored in a var */
if (!retval && args[0].type == ARGT_VAR)
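Review bot: The bare `0` passed as `tryload_cert` in this call, and the bare `1` in the call of the next hunk, give no hint at the call site of why the two differ. The difference looks security-relevant: per the comment just below, this argument may be an HMAC secret, and passing 0 keeps it from reaching the certificate loader as a name to open. I would say so at the call, e.g. `/* 0: lookup only, the string may be a secret and must not be opened as a file */`. If the other caller only ever receives a certificate, the counterpart would be `/* 1: load the certificate if it is not known yet */`. Both `switch` statements start outside their hunks, so which converter each call belongs to needs confirming.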
break;
default:
retval = (jwt_tree_load_cert(args[1].data.str.area, args[1].data.str.data,
- file, line, err) == 0);
+ 1, file, line, err) == 0);
break;
}
} else if (args[1].type == ARGT_VAR) {