diff --git a/ChangeLog b/ChangeLog
index d0151b65..f687e3e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+11/30/2023
+- fix SSL server certificate validation when revoking tokens
+ apply `OIDCSSLValidateServer` setting rather than `OIDCOAuthSSLValidateServer` in `oidc_revoke_tokens`
+ see https://github.com/OpenIDC/mod_auth_openidc/discussions/1141; thanks @mschmidt72
+- bump to 2.4.15rc7
+
 11/27/2023
 - use clang-format-17 for code formatting and reformat all code
diff --git a/configure.ac b/configure.ac
index 0ebd7bc7..04ead2ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.15rc6],[hans.zandbelt@openidc.com])
+AC_INIT([mod_auth_openidc],[2.4.15rc7],[hans.zandbelt@openidc.com])
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 9c71cd09..053050ed 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -2951,7 +2951,7 @@ static void oidc_revoke_tokens(request_rec *r, oidc_cfg *c, oidc_session_t *sess
 apr_table_setn(params, OIDC_PROTO_TOKEN, token);
 if (oidc_util_http_post_form(r, provider->revocation_endpoint_url, params, basic_auth, bearer_auth,
- c->oauth.ssl_validate_server, &response, &c->http_timeout_long,
+ c->provider.ssl_validate_server, &response, &c->http_timeout_long,
 &c->outgoing_proxy, oidc_dir_cfg_pass_cookies(r), NULL, NULL, NULL) == FALSE) {
 oidc_warn(r, "revoking refresh token failed");
@@ -2966,7 +2966,7 @@ static void oidc_revoke_tokens(request_rec *r, oidc_cfg *c, oidc_session_t *sess
 apr_table_setn(params, OIDC_PROTO_TOKEN, token);
 if (oidc_util_http_post_form(r, provider->revocation_endpoint_url, params, basic_auth, bearer_auth,
- c->oauth.ssl_validate_server, &response, &c->http_timeout_long,
+ c->provider.ssl_validate_server, &response, &c->http_timeout_long,
 &c->outgoing_proxy, oidc_dir_cfg_pass_cookies(r), NULL, NULL, NULL) == FALSE) {
 oidc_warn(r, "revoking access token failed");
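Review bot: Both `oidc_util_http_post_form` calls in `oidc_revoke_tokens` (this hunk and the one at -2966) take the revocation URL from the local `provider` but the certificate-validation flag from the global `c->provider`. If `provider` is the provider resolved for the session and carries its own `ssl_validate_server` (not visible in these hunks, so please confirm), a multi-provider setup could revoke tokens under a TLS policy that differs from the one configured for that provider. Reading the flag from the same object, `provider->ssl_validate_server, &response, &c->http_timeout_long,`, keeps the endpoint and its validation policy together. The function body starts and ends outside both hunks.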