From a5a650a0790fae50aca3e47cde34424bc7395d46 Mon Sep 17 00:00:00 2001
From: Christian CECONI
Date: Tue, 16 Feb 2016 17:31:54 +0100
Subject: [PATCH] Update JWT.php

Hi, The openssl_verify return is not well tested (see http://php.net/manual/fr/function.openssl-verify.php) and the return is not boolean as the phpdoc says. So, I made a little update to allow control of bad signature to not be considered as an error.
---
 src/JWT.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/JWT.php b/src/JWT.php
index b3532df7..34182799 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -212,10 +212,10 @@ private static function verify($msg, $signature, $key, $alg)
 switch($function) {
 case 'openssl':
 $success = openssl_verify($msg, $signature, $key, $algorithm);
- if (!$success) {
- throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
+ if(in_array($success, array(0, 1))) {
+ return $success === 1;
 } else {
- return $signature;
+ throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
 }
 case 'hash_hmac':
 default:
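Review bot: The added `in_array($success, array(0, 1))` compares loosely, so on PHP versions where openssl_verify() reports an error as `false` (the manual lists -1 or false) that value equals `0` and takes the `return $success === 1` path instead of reaching the `throw`. The result still fails closed, but an OpenSSL failure is then indistinguishable from an ordinary bad signature and `openssl_error_string()` is never surfaced to the caller or the logs. Pass the strict flag, `if (in_array($success, array(0, 1), true)) {`, or test `$success === 1` and `$success === 0` explicitly before throwing. The body of verify() starts before and continues past this hunk, so the `hash_hmac` branch is not covered by this note.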