[Bug 3311] Certificate validity "forever" is not documented in PROTOCOL.certkeys

bugzilla-daemon at mindrot.org
Thu May 13 20:43:55 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3311

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
"forever" in ssh-keygen sets valid_after=0 and
valid_before=0xffffffffffffffff, so that's not the case you're talking
about here unless you're considering wall clock times before 1970 or
many billions of years in the future:
https://github.com/openssh/openssh-portable/blob/d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d/ssh-keygen.c#L1954

The other case has nothing to do with certificates (note that the
'opts' variable here is not a key, but another type). It is to support
the authorized_keys "expiry-time" keyword:
https://github.com/openssh/openssh-portable/blob/d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d/sshd.8#L527

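The validity rule from PROTOCOL.certkeys (valid after <= current time < valid before) applied to the "forever" values quoted in the comment above, as an added example that is not part of the original message or of OpenSSH's own code. The names `cert_check_time`, `cert_is_forever` and `get_u64`, the sample bytes, and the handling of a pre-1970 clock are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* The values the comment above gives for ssh-keygen's "forever". */
#define FOREVER_AFTER  UINT64_C(0)
#define FOREVER_BEFORE UINT64_C(0xffffffffffffffff)

enum cert_time { CERT_TIME_OK, CERT_NOT_YET_VALID, CERT_EXPIRED };

/* Constructed sample: valid_after || valid_before as encoded for "forever". */
static const unsigned char sample_forever[16] = {
	0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};

/* Decode one big-endian uint64, the wire encoding of both fields. */
static uint64_t get_u64(const unsigned char *p)
{
	uint64_t v = 0;
	for (int i = 0; i < 8; i++)
		v = (v << 8) | p[i];
	return v;
}

/* True only when both fields carry the "forever" values. */
int cert_is_forever(uint64_t valid_after, uint64_t valid_before)
{
	return valid_after == FOREVER_AFTER && valid_before == FOREVER_BEFORE;
}

/* Half-open window: valid_after <= now < valid_before. */
enum cert_time cert_check_time(uint64_t valid_after, uint64_t valid_before,
    int64_t now)
{
	/* A pre-1970 clock cannot be compared as unsigned; treating it as
	 * "not yet valid" is this example's choice (assumption). */
	if (now < 0 || (uint64_t)now < valid_after)
		return CERT_NOT_YET_VALID;
	if ((uint64_t)now >= valid_before)
		return CERT_EXPIRED;
	return CERT_TIME_OK;
}

int main(void)
{
	uint64_t va = get_u64(sample_forever), vb = get_u64(sample_forever + 8);
	printf("forever=%d status_now=%d status_pre1970=%d\n",
	    cert_is_forever(va, vb), cert_check_time(va, vb, 1620902635),
	    cert_check_time(va, vb, -1));
	return 0;
}
```

Because `valid_before` is unsigned, even the largest signed 64-bit clock value still falls inside a "forever" window; only a negative (pre-1970) clock falls outside it.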