backport of commit 98f4d1f (#19613)

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
hashicorp · Mar 17, 2023 · f233eed · f233eed
1 parent a584e67
commit f233eed
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/website/content/docs/upgrading/upgrade-to-1.12.x.mdx b/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
@@ -182,3 +182,5 @@ As a workaround, OCSP POST requests can be used which are unaffected.
 Affects version 1.12.3. A fix will be released in 1.12.4.
 
 @include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
diff --git a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
@@ -78,4 +78,6 @@ are unaffected.
 
 ## Known Issues
 
-@include 'tokenization-rotation-persistence.mdx'
+@include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
diff --git a/website/content/partials/ocsp-redirect.mdx b/website/content/partials/ocsp-redirect.mdx
@@ -0,0 +1,11 @@
+### PKI OCSP GET requests can return HTTP redirect responses
+
+If a base64 encoded OCSP request contains consecutive '/' characters, the GET request
+will return a 301 permanent redirect response. If the redirection is followed, the
+request will not decode as it will not be a properly base64 encoded request.
+
+As a workaround, OCSP POST requests can be used which are unaffected.
+
+#### Impacted Versions
+
+Affects all current versions of 1.12.x and 1.13.x