BUG/MINOR: jwt: Wrong return value checked

The wrong return value was checked, resulting in dead code and potential bugs. It should fix GitHub issue #2005. This patch should be backported up to 2.5.
2026-02-19 02:29:31 -05:00 · 2023-01-20 09:37:26 +01:00 · 2023-01-20 09:37:26 +01:00 · a0658c3cf3
commit a0658c3cf3
parent 7d84439b48
2 changed files with 3 additions and 2 deletions
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@ -265,7 +265,8 @@ client c12 -connect ${h1_mainfe_sock} {
    rxresp
    expect resp.status == 200
    expect resp.http.x-jwt-alg == "ES512"
-    expect resp.http.x-jwt-verify-ES512 == "0"
+    # Invalid token
+    expect resp.http.x-jwt-verify-ES512 == "-3"
 } -run


--- a/src/jwt.c
+++ b/src/jwt.c
@ -331,7 +331,7 @@ jwt_jwsverify_rsa_ecdsa(const struct jwt_ctx *ctx, struct buffer *decoded_signat
 	 */
 	if (is_ecdsa) {
 		int conv_retval = convert_ecdsa_sig(ctx, entry->pkey, decoded_signature);
-		if (retval != 0) {
+		if (conv_retval != 0) {
 			retval = conv_retval;
 			goto end;
 		}