Skip to content

Commit da9ffa4

Browse files
sfc-gh-jdusfc-gh-jdu
authored
1 parent 6f8c455 commit da9ffa4

File tree

3 files changed

+15
-2
lines changed

3 files changed

+15
-2
lines changed

DESCRIPTION.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ Source code is also available at: https://github.com/snowflakedb/snowflake-conne
1616
- Fixed a bug that OCSP certificate signed using SHA384 algorithm cannot be verified.
1717
- Fixed a bug that status code shown as uploaded when PUT command failed with 400 error.
1818
- Fixed a bug that a PermissionError was raised when the current user does not have the right permission on parent directory of config file path.
19+
- Fixed a bug that OCSP GET url is not encoded correctly when it contains a slash.
1920

2021
- v3.10.1(May 21, 2024)
2122

src/snowflake/connector/ocsp_snowflake.py

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@
6262
from .backoff_policies import exponential_backoff
6363
from .cache import SFDictCache, SFDictFileCache
6464
from .telemetry import TelemetryField, generate_telemetry_data_dict
65+
from .url_util import url_encode_str
6566

6667

6768
class OCSPResponseValidationResult(NamedTuple):
@@ -436,8 +437,9 @@ def _download_ocsp_response_cache(ocsp, url, do_retry: bool = True) -> bool:
436437

437438
def generate_get_url(self, ocsp_url, b64data):
438439
parsed_url = urlsplit(ocsp_url)
440+
url_encoded_b64data = url_encode_str(b64data)
439441
if self.OCSP_RETRY_URL is None:
440-
target_url = f"{ocsp_url}/{b64data}"
442+
target_url = f"{ocsp_url}/{url_encoded_b64data}"
441443
else:
442444
# values of parsed_url.netloc and parsed_url.path based on oscp_url are as follows:
443445
# URL NETLOC PATH
@@ -447,7 +449,9 @@ def generate_get_url(self, ocsp_url, b64data):
447449
# "http://oneocsp.microsoft.com/ocsp" "oneocsp.microsoft.com" "/ocsp"
448450
# The check below is to treat first two urls same
449451
path = parsed_url.path if parsed_url.path != "/" else ""
450-
target_url = self.OCSP_RETRY_URL.format(parsed_url.netloc + path, b64data)
452+
target_url = self.OCSP_RETRY_URL.format(
453+
parsed_url.netloc + path, url_encoded_b64data
454+
)
451455

452456
logger.debug("OCSP Retry URL is - %s", target_url)
453457
return target_url

test/unit/test_ocsp.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -485,6 +485,14 @@ def test_building_retry_url():
485485
== "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com:8080/ocsp/1234"
486486
)
487487

488+
# ensure we handle slash correctly
489+
assert (
490+
OCSP_SERVER.generate_get_url(
491+
"http://oneocsp.microsoft.com:8080/ocsp", "aa//bb/"
492+
)
493+
== "http://ocsp.us-east-1.snowflakecomputing.com/retry/oneocsp.microsoft.com:8080/ocsp/aa%2F%2Fbb%2F"
494+
)
495+
488496
# privatelink retry url with port
489497
OCSP_SERVER.OCSP_RETRY_URL = None
490498
OCSP_SERVER.CACHE_SERVER_URL = (

0 commit comments

Comments
 (0)