Add known issue about OCSP GET redirection responses (#19523)

2025-10-29 17:52:32 +00:00 · 2023-03-17 14:07:04 -04:00
parent 00150a5040
commit 98f4d1f8c2
3 changed files with 16 additions and 1 deletions
--- a/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
@@ -182,3 +182,5 @@ As a workaround, OCSP POST requests can be used which are unaffected.
 Affects version 1.12.3. A fix will be released in 1.12.4.

@include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
--- a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
@@ -78,4 +78,6 @@ are unaffected.

 ## Known Issues

-@include 'tokenization-rotation-persistence.mdx'
+@include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
--- a/website/content/partials/ocsp-redirect.mdx
+++ b/website/content/partials/ocsp-redirect.mdx
@@ -0,0 +1,11 @@
+### PKI OCSP GET requests can return HTTP redirect responses
+
+If a base64 encoded OCSP request contains consecutive '/' characters, the GET request
+will return a 301 permanent redirect response. If the redirection is followed, the
+request will not decode as it will not be a properly base64 encoded request.
+
+As a workaround, OCSP POST requests can be used which are unaffected.
+
+#### Impacted Versions
+
+Affects all current versions of 1.12.x and 1.13.x