From: Graham Leggett <minfrin@apache.org>
Date: Fri, 19 May 2023 10:24:27 +0000 (+0000)
Subject: Sign with the signer key. Previously the verify key was used, which only worked
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18bc01fc3d2dcf6a5fd7dd5685b5092bfaa26060;p=thirdparty%2Fapache%2Fhttpd.git

Sign with the signer key. Previously the verify key was used, which only worked
if the signing and verifying keys were the same.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909926 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_autht_jwt.c b/modules/aaa/mod_autht_jwt.c
index f48bdd698fc..f1754cfb5c5 100644
--- a/modules/aaa/mod_autht_jwt.c
+++ b/modules/aaa/mod_autht_jwt.c
@@ -616,8 +616,9 @@ static const char *jwt_get_token(request_rec *r)
         return "error:no-claims";
     }
 
-    if (conf->verifies_set) {
-        srec = (auth_bearer_signature_rec *)conf->verifies->elts;
+    /* sign with the first key, if present */
+    if (conf->signs_set) {
+        srec = (auth_bearer_signature_rec *)conf->signs->elts;
     }
 
     /* create a JWT containing the claims */