From 59781b23ed43c2212cfeaabfa40e83295d11ee5f Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Wed, 23 Oct 2024 10:24:43 +0200 Subject: [PATCH] allow plain http URLs in metadata elements jwks_uri and signed_jwks_uri to ensure backwards compatibility with <=2.4.15.7 and to support private/test deployments Signed-off-by: Hans Zandbelt --- ChangeLog | 4 ++++ src/cfg/provider.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4f652d8d..9e7737a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +10/23/2024 +- metadata: allow plain HTTP URLs in metadata elements `jwks_uri` and `signed_jwks_uri` + to ensure backwards compatibility with <=2.4.15.7 and to support private/test deployments + 10/22/2024 - address warnings from static code analysis tool CodeChecker - bump to 2.4.16.6dev diff --git a/src/cfg/provider.c b/src/cfg/provider.c index 7802c12f..8c7d1e03 100644 --- a/src/cfg/provider.c +++ b/src/cfg/provider.c @@ -492,7 +492,7 @@ const char *oidc_cfg_provider_jwks_uri_uri_get(oidc_provider_t *provider) { } const char *oidc_cfg_provider_jwks_uri_set(apr_pool_t *pool, oidc_provider_t *provider, const char *arg) { - const char *rv = oidc_cfg_parse_is_valid_url(pool, arg, "https"); + const char *rv = oidc_cfg_parse_is_valid_http_url(pool, arg); if (rv == NULL) provider->jwks_uri.uri = apr_pstrdup(pool, arg); return rv; @@ -556,7 +556,7 @@ const char *oidc_cfg_provider_signed_jwks_uri_set(apr_pool_t *pool, oidc_provide json_t *json = NULL; if ((arg1 != NULL) && (_oidc_strcmp(arg1, "") != 0)) { - rv = oidc_cfg_parse_is_valid_url(pool, arg1, "https"); + rv = oidc_cfg_parse_is_valid_http_url(pool, arg1); if (rv != NULL) goto end; provider->jwks_uri.signed_uri = apr_pstrdup(pool, arg1);