MINOR: jwt: jwt_verify returns negative values in case of error
In order for all the error return values to be distributed on the same
side (instead of surrounding the success error code), the return values
for errors other than a simple verification failure are switched to
negative values. This way the result of the jwt_verify converter can be
compared strictly to 1 as well as relative to 0 (any <= 0 return value is
an error).
The documentation was also modified to discourage conversion of the
return value into a boolean (which would definitely not work).
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 5811dc5..f261201 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -16576,8 +16576,10 @@
Performs a signature verification for the JSON Web Token (JWT) given in input
by using the <alg> algorithm and the <key> parameter, which should either
hold a secret or a path to a public certificate. Returns 1 in case of
- verification success. See below for a full list of the possible return
- values.
+ verification success, 0 in case of verification error and a strictly negative
+ value for any other error. Because of all those non-null error return values,
+ the result of this converter should never be converted to a boolean. See
+ below for a full list of the possible return values.
For now, only JWS tokens using the Compact Serialization format can be
processed (three dot-separated base64-url encoded strings). Among the
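Review bot: "Because of all those non-null error return values" in the added paragraph does not name the actual hazard and is slightly inaccurate, since 0 is itself an error return and is null. The risk is that the strictly negative codes are non-zero, so a boolean conversion would treat "Invalid token" or "Unknown certificate" as true and let an unverified token pass. Suggest saying so explicitly and telling the reader what to do instead, for example "the result must be compared to 1; any value <= 0 is an error". Also, "0 in case of verification error" should read "verification failure" to match the wording of the return value table.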
@@ -16604,13 +16606,13 @@
+----+----------------------------------------------------------------------+
| ID | message |
+----+----------------------------------------------------------------------+
- | 0 | "Verification failure" |
- | 1 | "Verification sucess" |
- | 2 | "Unknown algorithm (not mentioned in RFC7518)" |
- | 3 | "Unmanaged algorithm (PSXXX algorithm family)" |
- | 4 | "Invalid token" |
- | 5 | "Out of memory" |
- | 6 | "Unknown certificate" |
+ | 0 | "Verification failure" |
+ | 1 | "Verification sucess" |
+ | -1 | "Unknown algorithm (not mentioned in RFC7518)" |
+ | -2 | "Unmanaged algorithm (PSXXX algorithm family)" |
+ | -3 | "Invalid token" |
+ | -4 | "Out of memory" |
+ | -5 | "Unknown certificate" |
+----+----------------------------------------------------------------------+
Please note that this converter is only available when HAProxy has been
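Review bot: The re-added row "| 1 | "Verification sucess"" carries the "sucess" typo forward; since the line is being rewritten anyway, correct it to "success" here. Separately, the renumbering of IDs 2 through 6 to -1 through -5 changes behaviour for any existing configuration that matches on the old positive codes, and those rules will silently stop matching. A short sentence near the table stating that the error codes changed sign would help operators audit their rules.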