You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the LE certificate profile we have a trailing / in our OCSP AIA extension, this causes some UAs to blindly contact {ocsp-uri}/{ocsp-request} when generating their GET URL which generates technically malformed requests, e.g. example//request, which ocsp-responder will not properly parse.
Both the previous use of http.DefaultServeMux and the default slash collapsing behavior of nginx hid this from us in the past but after #2748 we started throwing base64 decoding issues since the requests contained leading slashes.
The text was updated successfully, but these errors were encountered:
In the LE certificate profile we have a trailing
/
in our OCSP AIA extension, this causes some UAs to blindly contact{ocsp-uri}/{ocsp-request}
when generating their GET URL which generates technically malformed requests, e.g.example//request
, whichocsp-responder
will not properly parse.Both the previous use of
http.DefaultServeMux
and the default slash collapsing behavior ofnginx
hid this from us in the past but after #2748 we started throwing base64 decoding issues since the requests contained leading slashes.The text was updated successfully, but these errors were encountered: