From cbc08643705b1b8e055b380c00cfd74e31fd6d37 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Mon, 17 Oct 2022 12:38:53 +0200 Subject: [PATCH] Remove TODO and clarify ACME revoke authorization method docs --- authority/provisioner/acme.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/authority/provisioner/acme.go b/authority/provisioner/acme.go index d68c0b93..67a24919 100644 --- a/authority/provisioner/acme.go +++ b/authority/provisioner/acme.go @@ -260,16 +260,15 @@ func (p *ACME) AuthorizeSign(ctx context.Context, token string) ([]SignOption, e } // AuthorizeRevoke is called just before the certificate is to be revoked by -// the CA. It can be used to authorize revocation of a certificate. It -// currently is a no-op. -// TODO(hs): add configuration option that toggles revocation? Or change function signature to make it more useful? -// Or move certain logic out of the Revoke API to here? Would likely involve some more stuff in the ctx. +// the CA. It can be used to authorize revocation of a certificate. With the +// ACME protocol, revocation authorization is specified and performed as part +// of the client/server interaction, so this is a no-op. func (p *ACME) AuthorizeRevoke(ctx context.Context, token string) error { return nil } // AuthorizeRenew returns an error if the renewal is disabled. -// NOTE: This method does not actually validate the certificate or check it's +// NOTE: This method does not actually validate the certificate or check its // revocation status. Just confirms that the provisioner that created the // certificate was configured to allow renewals. func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error {