
Commit 0cab40a

committed
Clean up active revocation via API
- amend outdated comments to reflect active revocation being supported
- amend tests to no longer assert an error message upon active revocation and to instead validate the success on either revocation variant

In theory the "Passive" boolean seems removable as it does not add any functionality besides being logged, but it was found that some instances of it are still needed to block active revocation for SSH certificates.

Signed-off-by: Georg Pfuetzenreuter <[email protected]>
1 parent 6f1ee8b commit 0cab40a


3 files changed

+7
-13
lines changed


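--- a/api/revoke.go
+++ b/api/revoke.go
@@ -48,9 +48,7 @@ func (r *RevokeRequest) Validate() (err error) {
 
 // Revoke supports handful of different methods that revoke a Certificate.
 //
-// NOTE: currently only Passive revocation is supported.
-//
-// TODO: Add CRL and OCSP support.
+// TODO: Add OCSP support.
 func Revoke(w http.ResponseWriter, r *http.Request) {
 var body RevokeRequest
 if err := read.JSON(r.Body, &body); err != nil {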
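Review bot: With the NOTE lines removed, the doc comment above `Revoke` no longer says what passive revocation is or that an active variant exists, and the same is true of the comment above `(*Authority).Revoke` in authority/tls.go, whose removed NOTE was the only visible definition (passive revocation prevents existing certificates from being renewed). Since the commit message says `Passive` is still needed to block active revocation for SSH certificates, that restriction deserves a line where callers will read it, for example `// Revocation is passive (renewal of the certificate is refused) or active; SSH certificates support passive revocation only.` What active revocation publishes is not visible here, presumably a CRL given the TODO edit, so the author should word that part. Both function bodies continue past the end of their hunks.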

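--- a/api/revoke_test.go
+++ b/api/revoke_test.go
@@ -43,19 +43,18 @@ func TestRevokeRequestValidate(t *testing.T) {
 },
 err: &errs.Error{Err: errors.New("reasonCode out of bounds"), Status: http.StatusBadRequest},
 },
-"error/non-passive not implemented": {
+"ok/passive": {
 rr: &RevokeRequest{
 Serial: "10",
-ReasonCode: 8,
-Passive: false,
+ReasonCode: 9,
+Passive: true,
 },
-err: &errs.Error{Err: errors.New("non-passive revocation not implemented"), Status: http.StatusNotImplemented},
 },
-"ok": {
+"ok/active": {
 rr: &RevokeRequest{
 Serial: "10",
 ReasonCode: 9,
-Passive: true,
+Passive: false,
 },
 },
 }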
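Review bot: The `"ok/passive"` and `"ok/active"` cases now differ only in `Passive`, and nothing in this table pins the restriction the commit message describes, namely that SSH certificates must not be actively revoked. If that rule is enforced in `RevokeRequest.Validate` (its body is not visible in this hunk), a negative case next to `"ok/active"` would keep it from regressing silently; if it is enforced elsewhere, the test belongs with that code. The table and the loop that runs it start and end outside the hunk, so a case without `err` is assumed to assert a nil error.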

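--- a/authority/tls.go
+++ b/authority/tls.go
@@ -568,10 +568,7 @@ type RevokeOptions struct {
 
 // Revoke revokes a certificate.
 //
-// NOTE: Only supports passive revocation - prevent existing certificates from
-// being renewed.
-//
-// TODO: Add OCSP and CRL support.
+// TODO: Add OCSP support.
 func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error {
 opts := []interface{}{
 errs.WithKeyVal("serialNumber", revokeOpts.Serial),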
