-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GET requests are not decoded with base64 #98
Comments
I'll point out that the SCEP says if the server advertises POST, the client shouldn't be using GET.
Now onto the actual bug, I think I see it. Line 50 in 434638f
but the server does not decode it, Lines 74 to 87 in 434638f
@aduez I'll except a PR to get this fixed if you can verify it. |
Hi, |
if you added it to the decodeSCEPRequest instead of ParsePKIMessage it wouldn't be a hack. |
I think you are right, however I am not sure how to implement this. If I put the base64 decoding in decodeSCEPRequest, won't it try to decode as well on POST requests? (plus I'm not familiar with golang) |
doesnt seem to be fixed yet. I changed message() as it was already decoding by GET/POST switch...
|
When sending a GET SCEP request, the parameter given in the URL is encoded in base64 (as per https://tools.ietf.org/html/draft-gutmann-scep-10#section-4.1):
"When using GET messages to communicate binary data, base64 encoding
as specified in [2] MUST be used. The base64 encoded data is
distinct from "base64url" and may contain URI reserved characters,
thus it MUST be escaped as specified in [8] in addition to being
base64 encoded. Finally, the encoded data is inserted into the
MESSAGE portion of the HTTP GET request."
However in the implementation the message is not decoded.
Could you please have a look at it?
Thank you!
The text was updated successfully, but these errors were encountered: