Skip to content

Commit

Permalink
backport of commit 98f4d1f (hashicorp#19613)
Browse files Browse the repository at this point in the history
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
  • Loading branch information
1 parent a584e67 commit f233eed
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 1 deletion.
2 changes: 2 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.12.x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -182,3 +182,5 @@ As a workaround, OCSP POST requests can be used which are unaffected.
Affects version 1.12.3. A fix will be released in 1.12.4.

@include 'tokenization-rotation-persistence.mdx'

@include 'ocsp-redirect.mdx'
4 changes: 3 additions & 1 deletion website/content/docs/upgrading/upgrade-to-1.13.x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -78,4 +78,6 @@ are unaffected.

## Known Issues

@include 'tokenization-rotation-persistence.mdx'
@include 'tokenization-rotation-persistence.mdx'

@include 'ocsp-redirect.mdx'
11 changes: 11 additions & 0 deletions website/content/partials/ocsp-redirect.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
### PKI OCSP GET requests can return HTTP redirect responses

If a base64 encoded OCSP request contains consecutive '/' characters, the GET request
will return a 301 permanent redirect response. If the redirection is followed, the
request will not decode as it will not be a properly base64 encoded request.

As a workaround, OCSP POST requests can be used which are unaffected.

#### Impacted Versions

Affects all current versions of 1.12.x and 1.13.x

0 comments on commit f233eed

Please sign in to comment.