From 6f1ee8bdbbd937e701fe1a76b14095122a64be1f Mon Sep 17 00:00:00 2001
From: VonRehberg <vonrehberg88@gmail.com>
Date: Thu, 28 Nov 2024 13:35:53 +0100
Subject: [PATCH 1/2] fix: allow active revocation on http revoke endpoint

---
 api/revoke.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/api/revoke.go b/api/revoke.go
index 41969c083..072ff7e04 100644
--- a/api/revoke.go
+++ b/api/revoke.go
@@ -42,9 +42,6 @@ func (r *RevokeRequest) Validate() (err error) {
 	if r.ReasonCode < ocsp.Unspecified || r.ReasonCode > ocsp.AACompromise {
 		return errs.BadRequest("reasonCode out of bounds")
 	}
-	if !r.Passive {
-		return errs.NotImplemented("non-passive revocation not implemented")
-	}
 
 	return
 }

From 5730d1b8897c3963dd5e945adbd16833fced1eea Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
Date: Sun, 6 Jul 2025 22:00:17 +0200
Subject: [PATCH 2/2] Clean up active/passive revocation tests

Amend tests to no longer assert an error message upon active revocation
and to instead validate the success on either revocation variant,
reflecting previous changes.

In theory the "Passive" boolean seems removable as it does not add any
functionality besides being logged, but it was found some instances of
it are still needed to block active revocation for SSH certificates.

Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
---
 api/revoke_test.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/api/revoke_test.go b/api/revoke_test.go
index 763986b0f..b80e1d373 100644
--- a/api/revoke_test.go
+++ b/api/revoke_test.go
@@ -43,19 +43,18 @@ func TestRevokeRequestValidate(t *testing.T) {
 			},
 			err: &errs.Error{Err: errors.New("reasonCode out of bounds"), Status: http.StatusBadRequest},
 		},
-		"error/non-passive not implemented": {
+		"ok/passive": {
 			rr: &RevokeRequest{
 				Serial:     "10",
-				ReasonCode: 8,
-				Passive:    false,
+				ReasonCode: 9,
+				Passive:    true,
 			},
-			err: &errs.Error{Err: errors.New("non-passive revocation not implemented"), Status: http.StatusNotImplemented},
 		},
-		"ok": {
+		"ok/active": {
 			rr: &RevokeRequest{
 				Serial:     "10",
 				ReasonCode: 9,
-				Passive:    true,
+				Passive:    false,
 			},
 		},
 	}