On 3/28/22 11:23, Jan Schermer wrote:
Reading ssh-keygen(1) I have no clue whether time strings specified with
-V are supposed to be local time or UTC.
we just entered DST here in Czech Republic, and my CA started
generating certificates with a +1h offset: >
ssh-keygen -U -s some-ca-key.pub -V 20220328110400:20220328112400 [..]
Signed user key 438-cert.pub: id
"eed3f7c7-4809-46e7-892e-6e3642da59c8 " serial 0 valid from
2022-03-28T12:04:00 to 2022-03-28T12:24:00
IMHO implying local time could cause all sorts of strange issues in case
time-zone info is not correctly set for a service etc.
Any plans to fix this? Apparently I am not the only person who
My own implementation only uses relative time format like "+4h". AFAICS
the spec in PROTOCOL.certkeys defines the validity period based on
time-stamps with senconds-since-epoch (UTC).
openssh-unix-dev mailing list