From 307294b30ac4743536613527adde296e5be9ebc0 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 29 Apr 2026 10:02:56 +0200 Subject: [PATCH] BUG/MINOR: jws: fix OpenSSL 3.0 version check from > to >= Three #if directives used > 0x30000000L which excluded OpenSSL 3.0.0 exactly from the modern code path, treating it as pre-3.0. Changed all three to >= 0x30000000L to match jwe.c and openssl-compat.h conventions. This affects EC key thumbprint generation, RSA JWK generation, and JWS algorithm detection for OpenSSL 3.0.0. --- src/jws.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/jws.c b/src/jws.c index f8fb4738f..ae94fc3ca 100644 --- a/src/jws.c +++ b/src/jws.c @@ -54,7 +54,7 @@ static size_t EVP_PKEY_EC_to_pub_jwk(EVP_PKEY *pkey, char *dst, size_t dsize) int ret = 0; const char *crv = NULL; -#if HA_OPENSSL_VERSION_NUMBER > 0x30000000L +#if HA_OPENSSL_VERSION_NUMBER >= 0x30000000L char curve[32] = {}; size_t curvelen; int nid; @@ -144,7 +144,7 @@ static size_t EVP_PKEY_RSA_to_pub_jwk(EVP_PKEY *pkey, char *dst, size_t dsize) struct buffer *str_n = NULL, *str_e = NULL; int ret = 0; -#if HA_OPENSSL_VERSION_NUMBER > 0x30000000L +#if HA_OPENSSL_VERSION_NUMBER >= 0x30000000L if ((EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n)) == 0) goto out; @@ -292,7 +292,7 @@ enum jwt_alg EVP_PKEY_to_jws_alg(EVP_PKEY *pkey) enum jwt_alg alg = JWS_ALG_NONE; if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { -#if HA_OPENSSL_VERSION_NUMBER > 0x30000000L +#if HA_OPENSSL_VERSION_NUMBER >= 0x30000000L char curve[32] = {}; size_t curvelen; int nid;