Comments (3)
Hello @mkauf ,
Thanks for the report. Indeed there are bugs in the jwk validation functions. Fixing the kty
bug made me realize other parts had some bugs too (I'm talking to you both x5c
and x5u
!).
Also, some tests were simply wrong, like this one: https://github.com/babelouest/rhonabwy/blob/master/test/jwk_import.c#L685
I'll soon push a fix about that, shouldn't take long.
from rhonabwy.
The bug has been fixed in the master branch, including some refactoring of the functions r_jwk_is_valid
and r_jwk_key_type
.
from rhonabwy.
Thank you very much for the bugfix!
from rhonabwy.
Related Issues (19)
- maybe-uninitialized warning in r_jws_serialize HOT 2
- Suggestion: Special treatment for unsecured JWTs ("alg": "none") HOT 8
- Building with dependencies with non-standard PREFIX does not work HOT 3
- Disable the support for embedded JWKs or allow to disable it HOT 7
- [FeatureReq] Support for Windows HOT 5
- [Windows] Compilation errors HOT 1
- specify non-default path to CA cert when importing JWK(S) from remote server HOT 5
- undefined reference to `o_base64_encode_alloc' HOT 2
- Pubkey not set but signature verification possible HOT 8
- Incorrect KDF for AxxxCBC with ECDH-ES
- Incorrect KDF for AxxxCBC with ECDH-ES HOT 7
- Build failed on FreeBSD-14 which use clang15 as cc HOT 1
- Build of rnbyc failed on Mac HOT 3
- Signature files are missing for the newest release (1.1.12) HOT 3
- validating array values HOT 2
- Question: is my code safe against `alg: null`? HOT 3
- Incorrect padding removal condition HOT 4
- Suggestion: Rename r_jwks_import_from_str() to r_jwks_import_from_json_str() HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rhonabwy.