OIDCPublicKeyFiles: keys and certs?

[ronniebrunner]

I've used mod_auth_openidc in a few projects (greate module btw, thanks for it!) and now, I stumbled across a possible documentation inconsistency because I have problems configuring token encryption.

https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf says about OIDCPublicKeyFiles (line 176):

# The fully qualified names of the files that contain the PEM-formatted RSA Public key or a X.509 certificates
# that contain the RSA public keys to be used for JWT (OP state/id_token) encryption by the OP.

When trying to configure a public key, however, I get an error from the module complaining about the key:

apr_jwk_parse_rsa_public_key failed for (kid=mykid) "/pathto/mykey.pub": [src/jose/apr_jwk.c:135: apr_jwk_rsa_bio_to_key]: PEM_read_bio_X509_AUX() failed: error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large\n

Looking at the code of the module's config.c, I find this (line 2818):

AP_INIT_ITERATE(OIDCPublicKeyFiles,
  oidc_set_public_key_files,
  void *)APR_OFFSETOF(oidc_cfg, public_keys),
  RSRC_CONF,
  "The fully qualified names of the files that contain the X.509 certificates that contains the RSA public keys that can be used for encryption by the OP."),

Does this imply that you can only use x.509 certificates in OIDCPublicKeyFiles after all? Or is there anything else that I'm obviously doing wrong?

Thanks for any hints...
Ronnie

[zandbelt]

it looks like you're using a very old version of the module that not supports the features of the current documentation that you're pointing to

[ronniebrunner]

Yep, you're right. It was "a bit" dated :-). Nevertheless: I thinkg the error message in the latest version of config.c should be adapted to reflect the additional functionality of also supporting keys.