Re: ssh-keygen -V doesn't respect DST

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 3/28/22 11:23, Jan Schermer wrote:

we just entered DST here in Czech Republic, and my CA started
generating certificates with a +1h offset: >
ssh-keygen -U -s some-ca-key.pub -V 20220328110400:20220328112400 [..]

Signed user key 438-cert.pub: id
"eed3f7c7-4809-46e7-892e-6e3642da59c8 " serial 0 valid from
2022-03-28T12:04:00 to 2022-03-28T12:24:00
Reading ssh-keygen(1) I have no clue whether time strings specified with -V are supposed to be local time or UTC.
IMHO implying local time could cause all sorts of strange issues in case time-zone info is not correctly set for a service etc. 


Any plans to fix this? Apparently I am not the only person who
encountered it
https://github.com/cloudtools/ssh-ca/blob/master/ssh_ca/utils.py#L72
My own implementation only uses relative time format like "+4h". AFAICS the spec in PROTOCOL.certkeys defines the validity period based on time-stamps with senconds-since-epoch (UTC). 

Ciao, Michael.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux