From 3f437ad678b5e236fbf16846f6d002fff5326036 Mon Sep 17 00:00:00 2001
From: VonRehberg <vonrehberg88@gmail.com>
Date: Thu, 28 Nov 2024 13:35:53 +0100
Subject: [PATCH 1/2] fix: allow active revocation on http revoke endpoint

---
 api/revoke.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/api/revoke.go b/api/revoke.go
index 7d87646bd..789416129 100644
--- a/api/revoke.go
+++ b/api/revoke.go
@@ -42,9 +42,6 @@ func (r *RevokeRequest) Validate() (err error) {
 	if r.ReasonCode < ocsp.Unspecified || r.ReasonCode > ocsp.AACompromise {
 		return errs.BadRequest("reasonCode out of bounds")
 	}
-	if !r.Passive {
-		return errs.NotImplemented("non-passive revocation not implemented")
-	}
 
 	return
 }

From 1e858f7cf9659babf7ff8029d2d649ba5119236a Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
Date: Sun, 6 Jul 2025 22:00:17 +0200
Subject: [PATCH 2/2] Clean up active/passive revocation tests

Amend tests to no longer assert an error message upon active revocation
and to instead validate the success on either revocation variant,
reflecting previous changes.

In theory the "Passive" boolean seems removable as it does not add any
functionality besides being logged, but it was found some instances of
it are still needed to block active revocation for SSH certificates.

Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
---
 api/revoke_test.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/api/revoke_test.go b/api/revoke_test.go
index 763986b0f..b80e1d373 100644
--- a/api/revoke_test.go
+++ b/api/revoke_test.go
@@ -43,19 +43,18 @@ func TestRevokeRequestValidate(t *testing.T) {
 			},
 			err: &errs.Error{Err: errors.New("reasonCode out of bounds"), Status: http.StatusBadRequest},
 		},
-		"error/non-passive not implemented": {
+		"ok/passive": {
 			rr: &RevokeRequest{
 				Serial:     "10",
-				ReasonCode: 8,
-				Passive:    false,
+				ReasonCode: 9,
+				Passive:    true,
 			},
-			err: &errs.Error{Err: errors.New("non-passive revocation not implemented"), Status: http.StatusNotImplemented},
 		},
-		"ok": {
+		"ok/active": {
 			rr: &RevokeRequest{
 				Serial:     "10",
 				ReasonCode: 9,
-				Passive:    true,
+				Passive:    false,
 			},
 		},
 	}