[Bug 3311] New: Certificate validity "forever" is not documented in PROTOCOL.certkeys

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu May 13 11:57:15 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3311

            Bug ID: 3311
           Summary: Certificate validity "forever" is not documented in
                    PROTOCOL.certkeys
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mariano.cano at gmail.com

PROTOCOL.certkeys does not document the special case when "valid
before" is set to 0. A certificate like this will be always valid
("forever").


This is the current text in the PROTOCOL.certkeys:

```
"valid after" and "valid before" specify a validity period for the
certificate. Each represents a time in seconds since 1970-01-01
00:00:00. A certificate is considered valid if:

    valid after <= current time < valid before
```

With that description a certificate with valid before set to 0 will not
be valid.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list