[Bug 3468] New: Validity interval changes during Daylight Saving Time
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Aug 8 23:49:06 AEST 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3468
Bug ID: 3468
Summary: Validity interval changes during Daylight Saving Time
Product: Portable OpenSSH
Version: v9.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: florfoto at gmail.com
Description of problem:
When specifying a validity interval when signing a certificate using -V
option, an hour is added if the system timezone is in Daylight Saving
Time (DST).
Version-Release number of selected component (if applicable):
openssh-8.7p1-8.el9
How reproducible:
Always
Steps to Reproduce:
1. Grant access on July 28 2022 from 10:00 to 12:00hs:
~~~
[root at rhel9server ~]# ssh-keygen -s ssh_ca -I myuser -n myuser -V
202207281000:202207281200 .ssh/id_rsa.pub
Signed user key .ssh/id_rsa-cert.pub: id "myuser" serial 0 for myuser
valid from 2022-07-28T11:00:00 to 2022-07-28T13:00:00
~~~
Actual results:
The previous output says "valid from 2022-07-28T11:00:00 to
2022-07-28T13:00:00" instead of "valid from 2022-07-28T10:00:00 to
2022-07-28T12:00:00".
~~~
[root at rhel9server ~]# ssh-keygen -Lf .ssh/id_rsa-cert.pub
.ssh/id_rsa-cert.pub:
Type: ssh-rsa-cert-v01 at openssh.com user certificate
Public key: RSA-CERT
SHA256:P8r+Z3Hiir9KIg/D04vNwlr9zAYw1k6b6xEeZbF0fps
Signing CA: RSA
SHA256:0GHrCSlevbRxJCe6/+XzSXx6qzWGre4S0kfrP9R+AcA (using rsa-sha2-512)
Key ID: "myuser"
Serial: 0
Valid: from 2022-07-28T11:00:00 to 2022-07-28T13:00:00
Principals:
myuser
Critical Options: (none)
Extensions:
permit-X11-forwarding
permit-agent-forwarding
permit-port-forwarding
permit-pty
permit-user-rc
~~~
Expected results:
1. Grant access on July 28 2022 from 10:00 to 12:00hs (not from 11:00
to 13:00hs):
~~~
[root at rhel9server ~]# ssh-keygen -s ssh_ca -I myuser -n myuser -V
202207281000:202207281200 .ssh/id_rsa.pub
Signed user key .ssh/id_rsa-cert.pub: id "myuser" serial 0 for myuser
valid from 2022-07-28T10:00:00 to 2022-07-28T12:00:00
~~~
Additional info:
This only happens when the system clock is in DST.
When DST finishes( for example in November for Europe/Brussels
timezone), there isn´t an hour added:
~~~
[root at rhel9server ~]# ssh-keygen -s ssh_ca -I myuser -n myuser -V
202211281000:202211281200 .ssh/id_rsa.pub
Signed user key .ssh/id_rsa-cert.pub: id "myuser" serial 0 for myuser
valid from 2022-11-28T10:00:00 to 2022-11-28T12:00:00
~~~
Description of problem:
When specifying a validity interval when signing a certificate using -V
option, an hour is added if the system timezone is in Daylight Saving
Time (DST).
Version-Release number of selected component (if applicable):
openssh-8.7p1-8.el9
How reproducible:
Always
Steps to Reproduce:
1. Grant access on July 28 2022 from 10:00 to 12:00hs:
~~~
[root at rhel9server ~]# ssh-keygen -s ssh_ca -I myuser -n myuser -V
202207281000:202207281200 .ssh/id_rsa.pub
Signed user key .ssh/id_rsa-cert.pub: id "myuser" serial 0 for myuser
valid from 2022-07-28T11:00:00 to 2022-07-28T13:00:00
~~~
Actual results:
The previous output says "valid from 2022-07-28T11:00:00 to
2022-07-28T13:00:00" instead of "valid from 2022-07-28T10:00:00 to
2022-07-28T12:00:00".
~~~
[root at rhel9server ~]# ssh-keygen -Lf .ssh/id_rsa-cert.pub
.ssh/id_rsa-cert.pub:
Type: ssh-rsa-cert-v01 at openssh.com user certificate
Public key: RSA-CERT
SHA256:P8r+Z3Hiir9KIg/D04vNwlr9zAYw1k6b6xEeZbF0fps
Signing CA: RSA
SHA256:0GHrCSlevbRxJCe6/+XzSXx6qzWGre4S0kfrP9R+AcA (using rsa-sha2-512)
Key ID: "myuser"
Serial: 0
Valid: from 2022-07-28T11:00:00 to 2022-07-28T13:00:00
Principals:
myuser
Critical Options: (none)
Extensions:
permit-X11-forwarding
permit-agent-forwarding
permit-port-forwarding
permit-pty
permit-user-rc
~~~
Expected results:
1. Grant access on July 28 2022 from 10:00 to 12:00hs (not from 11:00
to 13:00hs):
~~~
[root at rhel9server ~]# ssh-keygen -s ssh_ca -I myuser -n myuser -V
202207281000:202207281200 .ssh/id_rsa.pub
Signed user key .ssh/id_rsa-cert.pub: id "myuser" serial 0 for myuser
valid from 2022-07-28T10:00:00 to 2022-07-28T12:00:00
~~~
Additional info:
This only happens when the system clock is in DST.
When DST finishes( for example in november for Europe/Brussels
timezone), there isn´t an hour added:
~~~
[root at rhel9server ~]# ssh-keygen -s ssh_ca -I myuser -n myuser -V
202211281000:202211281200 .ssh/id_rsa.pub
Signed user key .ssh/id_rsa-cert.pub: id "myuser" serial 0 for myuser
valid from 2022-11-28T10:00:00 to 2022-11-28T12:00:00
~~~
Is this behavior expected or is it a bug?
Thanks in advance.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list