[Bug 2675] When adding certificates to ssh-agent, use expiry date as upper bound for lifetime

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 3 16:01:19 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2675

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2936|0                           |1
        is obsolete|                            |
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Created attachment 3085
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3085&action=edit
automatically set lifetimes, add -C, -f and -v options

This attempts the same thing a little differently.

This only looks at the valid_before time - I don't think it is helpful
to warn if the certificate isn't yet valid as adding a cert that starts
a few seconds in the future seems like a pretty common thing to do.
Maybe it could be a debug message?

I also added a short grace period for expiring certificates, a way to
override the helpfulness (-f), more nuanced error checking (e.g. not
skipping loading a key if the cert was expired), a -C flag to only load
certs and a verbose (-v) flag to get at the new debug messages.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list