Add known issue about OCSP GET redirection responses (hashicorp#19523)

fopina · Mar 17, 2023 · 98f4d1f · 98f4d1f
1 parent 00150a5
commit 98f4d1f
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/website/content/docs/upgrading/upgrade-to-1.12.x.mdx b/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
@@ -182,3 +182,5 @@ As a workaround, OCSP POST requests can be used which are unaffected.
 Affects version 1.12.3. A fix will be released in 1.12.4.
 
 @include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
diff --git a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
@@ -78,4 +78,6 @@ are unaffected.
 
 ## Known Issues
 
-@include 'tokenization-rotation-persistence.mdx'
+@include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
diff --git a/website/content/partials/ocsp-redirect.mdx b/website/content/partials/ocsp-redirect.mdx
@@ -0,0 +1,11 @@
+### PKI OCSP GET requests can return HTTP redirect responses
+
+If a base64 encoded OCSP request contains consecutive '/' characters, the GET request
+will return a 301 permanent redirect response. If the redirection is followed, the
+request will not decode as it will not be a properly base64 encoded request.
+
+As a workaround, OCSP POST requests can be used which are unaffected.
+
+#### Impacted Versions
+
+Affects all current versions of 1.12.x and 1.13.x