rgw/sts: fix for wrong certificate getting picked during

pritha-srivastava · pritha-srivastava · commit 1bd56a731261 · 2024-08-22T10:22:41.000+05:30
validation of a web token signature. A boolean flag is incorrectly set to true outside the 'if' statement, which causes an incorrect cert to be picked. fixes: https://tracker.ceph.com/issues/54562 Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
@@ -384,7 +384,6 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec
                found_valid_cert = true;
                break;
               }
-              found_valid_cert = true;
             }
             if (! found_valid_cert) {
               ldpp_dout(dpp, 0) << "Cert doesn't match that with the thumbprints registered with oidc provider: " << cert.c_str() << dendl;

Original file line number	Diff line number	Diff line change
`@@ -384,7 +384,6 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec`
`384`	`384`	`found_valid_cert = true;`
`385`	`385`	`break;`
`386`	`386`	`}`
`387`		`- found_valid_cert = true;`
`388`	`387`	`}`
`389`	`388`	`if (! found_valid_cert) {`
`390`	`389`	`ldpp_dout(dpp, 0) << "Cert doesn't match that with the thumbprints registered with oidc provider: " << cert.c_str() << dendl;`