Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Apply URL encoding/unencoding to OCSP Get requests into release/1.12.x #18941

Merged
merged 1 commit into from
Feb 1, 2023
Merged

Backport of Apply URL encoding/unencoding to OCSP Get requests into release/1.12.x #18941

merged 1 commit into from
Feb 1, 2023

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #18938 to be assessed for backporting due to the inclusion of the label backport/1.12.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

merge conflict error: POST https://api.github.com/repos/hashicorp/vault/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

  • Missed this during development and sadly the unit tests were written at a level that did not expose this issue originally, there are certain combinations of issuer cert + serial that lead to base64 data containing a '/' which will lead to the OCSP handler not getting the full parameter value.
  • When this happens we return a 400 error with a malformed request static OCSP response.
  • Do as the spec says, this should be treated as url-encoded data.
Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/stevendpclark/vault-13105-ocsp-unescaping-get-requests/generally-sound-narwhal branch from 0d98c14 to 0e383de Compare February 1, 2023 16:04
@hashicorp-cla
Copy link

hashicorp-cla commented Feb 1, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@stevendpclark
Apply URL encoding/unencoding to OCSP Get requests (#18938)
92da127 
* Apply URL encoding/unencoding to OCSP Get requests

 - Missed this during development and sadly the unit tests were written
   at a level that did not expose this issue originally, there are
   certain combinations of issuer cert + serial that lead to base64
   data containing a '/' which will lead to the OCSP handler not getting
   the full parameter.
 - Do as the spec says, this should be treated as url-encoded data.

* Add cl

* Add higher level PKI OCSP GET/POST tests

* Rename PKI ocsp files to path_ocsp to follow naming conventions

* make fmt
@stevendpclark stevendpclark force-pushed the backport/stevendpclark/vault-13105-ocsp-unescaping-get-requests/generally-sound-narwhal branch from 6459f38 to 92da127 Compare February 1, 2023 16:10
@stevendpclark stevendpclark self-assigned this Feb 1, 2023
@stevendpclark stevendpclark added this to the 1.12.3 milestone Feb 1, 2023
@stevendpclark stevendpclark marked this pull request as ready for review February 1, 2023 16:12
@stevendpclark stevendpclark enabled auto-merge (squash) February 1, 2023 16:13
@stevendpclark stevendpclark merged commit f703028 into release/1.12.x Feb 1, 2023
@stevendpclark stevendpclark deleted the backport/stevendpclark/vault-13105-ocsp-unescaping-get-requests/generally-sound-narwhal branch February 1, 2023 16:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

Assignees

@stevendpclark stevendpclark

Labels
None yet
Projects
None yet
Milestone
1.12.3
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-secure-vault-core @hashicorp-cla @stevendpclark