Comment mention both x5c and x5u being defined when they are not #82

rcjsuen · 2018-06-20T11:41:56Z

Lines 601 to 606 in ee1d024

    
           -- TODO When both x5c and x5u are defined, the implementation should 
        
           -- ensure their content match 
        
           -- cf. https://tools.ietf.org/html/rfc7517#section-4.6 
        
           jwt_obj[str_const.reason] = "Unsupported RS256 key model" 
        
           return nil

In the code above, the comment talks about not handling the case of both x5c and x5u are defined. However, it is possible to get that far down in the code path if both x5c and x5u are nil. Is that supposed to be a different case that should be handled?

According to RFC 7515, both x5c and x5u as header parameters are optional it seems...?

The text was updated successfully, but these errors were encountered:

rcjsuen · 2018-06-20T12:36:36Z

Alternatively, perhaps the issue is that I called jwt:set_trusted_certs_file(...) and/or jwt:set_x5u_content_retriever(...) when I don't actually need to (as my JWT's header doesn't contain an x5c or an x5u property)?

If that's the case, could the error message be improved to make this clearer and/or some comments get inlined here to clarify this?

Sorry, I'm new to all this JWT stuff so I could just be calling the APIs wrong...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comment mention both x5c and x5u being defined when they are not #82

Comment mention both x5c and x5u being defined when they are not #82

rcjsuen commented Jun 20, 2018

rcjsuen commented Jun 20, 2018

Comment mention both x5c and x5u being defined when they are not #82

Comment mention both x5c and x5u being defined when they are not #82

Comments

rcjsuen commented Jun 20, 2018

rcjsuen commented Jun 20, 2018