confusing documentation for ssh-keygen -V validity_interval

[Petr Lautrbach]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

ssh-keygen.1 says that:

- -V validity_interval

             For example: “+52w1d” (valid from now to 52 weeks and one day from now),
             “-4w:+4w” (valid from four weeks ago to four weeks from now),

This sounds like the interval is from 4 weeks ago and to 4 weeks from now. But according to the code,
'to' is created relatively to from not now:

ssh-keygen.c:
1740         if (*from == '-' || *from == '+')
1741                 cert_valid_from = parse_relative_time(from, now);
1742         else
1743                 cert_valid_from = parse_absolute_time(from);
1744
1745         if (*to == '-' || *to == '+')
1746                 cert_valid_to = parse_relative_time(to, cert_valid_from);
1747         else
1748                 cert_valid_to = parse_absolute_time(to);

What is right? The man page or the code?

Thanks,

Petr
- -- 
Petr Lautrbach
Security Technologies
Red Hat

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)

iQIcBAEBAgAGBQJSYTg4AAoJEGOorUuYLENzjBEQALIwDWBTXu4q3FMTXSoEe4MV
SB/SujyukHSUBF9aAGHHSznCiu7GWi6bR18tlyjujO8rvtdHmSRRJ1uR99IMIqAp
mBzDbt3UgKJ98Dnr481XKu8AnmJ4F5zHumF5j2U/Q2NBM1HS5pFBPcdPCt1kJwDP
C2HerTf3JEn68s43Dv8lLZmFZFu/ZG7HOvzjBOv4nHqpRmxrIFqq1KM2UvQr9nYF
mflDjdnMRHUsQeocsYMp3EKfddFnvg7w9b4ZJuhtXu5M0CexH23iNb4qVAEQzs8U
jX8zLO6Kmtp0D1CbfEuPdqsFpNya+2R/ijsJXtbVMXJ1gloCNbcjiRcEXGEL/ArD
1kvEZ0URpD1ZX5mLTVuG0L1AMTsXn9rvZPOWZMuYDGW0/bUFuIbgMvvimdwOpA4/
w4L3eif7j/JL4aKkJZKALxIfvdvwgynuC8OtDxseOAyt5Bmvk1ew8n3JZfkQRN4B
k/gtobSdHGAQfH/bqiwz57jWL4HWfr/iPFrYYVUtzLDwQAO9bS4QTu1wPQsv8MdN
LEVCLZRr6e1xKQpTPIGyk73gjvKtyEKQZs7iso3X83kmOv8Qpc2ViBOATPGuHeoY
b/gBSayj50gwlmrUosRr9UL53o3ZgQDsOGsLUcDD2ZZfc0ETCpDt19jItKSGS/y0
l7swCjQle5b8DhLDfLzz
=p/YF
-----END PGP SIGNATURE-----