]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b706f2d) | patch
MEDIUM: jwt: Remove certificate support in jwt_verify converter
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Thu, 2 Oct 2025 13:32:40 +0000 (15:32 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 13 Oct 2025 08:38:52 +0000 (10:38 +0200)
commitc3c0597a34c685ac92efca910790422efa3c6348
treedfd343318ecb3d61f768c5b55042f671c641d168tree | snapshot
parentb706f2d092b02e8e37662d407d3a2a4914872988commit | diff
MEDIUM: jwt: Remove certificate support in jwt_verify converter

The jwt_verify converter will not take full-on certificates anymore
in favor of a new soon to come jwt_verify_cert. We might end up with a
new jwt_verify_hmac in the future as well which would allow to deprecate
the jwt_verify converter and remove the need for a specific internal
tree for public keys.
The logic to always look into the internal jwt tree by default and
resolve to locking the ckch tree as little as possible will also be
removed. This allows to get rid of the duplicated reference to
EVP_PKEYs, the one in the jwt tree entry and the one in the ckch_store.
include/haproxy/jwt-t.h diff | blob | blame | history
include/haproxy/jwt.h diff | blob | blame | history
include/haproxy/ssl_ckch-t.h diff | blob | blame | history
include/haproxy/thread-t.h diff | blob | blame | history
src/jwt.c diff | blob | blame | history
src/ssl_ckch.c diff | blob | blame | history
src/thread.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git