Sign with the signer key. Previously the verify key was used, which only worked
if the signing and verifying keys were the same.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909926 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/modules/aaa/mod_autht_jwt.c b/modules/aaa/mod_autht_jwt.c
index f48bdd6..f1754cf 100644
--- a/modules/aaa/mod_autht_jwt.c
+++ b/modules/aaa/mod_autht_jwt.c
@@ -616,8 +616,9 @@
return "error:no-claims";
}
- if (conf->verifies_set) {
- srec = (auth_bearer_signature_rec *)conf->verifies->elts;
+ /* sign with the first key, if present */
+ if (conf->signs_set) {
+ srec = (auth_bearer_signature_rec *)conf->signs->elts;
}
/* create a JWT containing the claims */