Bugfixes
- config: fix
OIDCProviderRevocationEndpoint
(override) for values other than ""; closes #1301; thanks @tarteens - config: add a configuration check for public/private keys when using DPoP; closes #1293; thanks @ahus1
- config: avoid NULL pointer dereferencing when no private keys have been configured
- http: avoid potentional memory leak on cURL handle if
curl_easy_escape
/curl_easy_unescape
fails - proto: correct the check for the optional
token_type
parameter returned from a token endpoint request - util: avoid potential crash on non-conformant literal IPv6 addresses
- jose: prevent potential memory leaks when zlib compression (
deflate
) fails
Features
- add
OIDCProfile
to configure OpenID Connect profile behaviours e.g.FAPI20
, see auth_openidc.conf - http: report errors when
curl_easy_setopt
fails in outgoing HTTP requests
Other
- mod_auth_openidc certified for the FAPI 2.0 Relying Party profiles, see: https://openid.net/certification/#FAPI2-RP .
- minor code changes all over the place to address issues reported by static code analysis software