RFC 6960 states:
An OCSP request using the GET method is constructed as follows:
GET {url}/{url-encoding of base-64 encoding of the DER encoding of the OCSPRequest}
However, sending a url-encoded request fails (400 Bad Request):
[f22-2:~/dev/pki] [ fix/lwca-host-crl ] ftweedal% curl -I http://f22-2.ipa.local:8080/ca/ocsp/MGcwZTA%2BMDwwOjAJBgUrDgMCGgUABBRDZrJcZsDTn6Yii8TESb0h9WCStQQUuggtiV2wlfzGPqLB%2FrhkEr6G4ZMCARuiIzAhMB8GCSsGAQUFBzABAgQSBBAisg9UCMEuEVDFDdPCqQ21 HTTP/1.1 400 Bad Request Server: Apache-Coyote/1.1 Content-Length: 0 Date: Wed, 21 Oct 2015 11:44:40 GMT Connection: close
The same request, non url-encoded, succeeds:
[f22-2:~/dev/pki] [ fix/lwca-host-crl ] ftweedal% curl http://f22-2.ipa.local:8080/ca/ocsp/MGcwZTA+MDwwOjAJBgUrDgMCGgUABBRDZrJcZsDTn6Yii8TESb0h9WCStQQUuggtiV2wlfzGPqLB/rhkEr6G4ZMCARuiIzAhMB8GCSsGAQUFBzABAgQSBBAisg9UCMEuEVDFDdPCqQ21 | base64 MIIJPQoBAKCCCTYwggkyBgkrBgEFBQcwAQEEggkjMIIJHzCB2KE8MDoxHzAdBgNVBAoMFklQQS5M ...
Expected result: url-encoded path param succeeds.
attachment pki-ftweedal-0055-Allow-encoded-slashes-in-HTTP-paths.patch
attachment pki-ftweedal-0055-2-Allow-encoded-slashes-in-HTTP-paths.patch
fixed
master:
cbcdeddc2e794be3955edf20ea1597e58c443ba6 Allow encoded slashes in HTTP paths
Per conversations with ftweedal, trivial fix.
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: 10.3.0
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2217
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.