confusing documentation for ssh-keygen -V validity_interval
Damien Miller
djm at mindrot.org
Wed Oct 23 16:32:18 EST 2013
On Fri, 18 Oct 2013, Petr Lautrbach wrote:
> ssh-keygen.1 says that:
>
> - -V validity_interval
>
> For example: ?+52w1d? (valid from now to 52 weeks and one day from now),
> ?-4w:+4w? (valid from four weeks ago to four weeks from now),
>
> This sounds like the interval is from 4 weeks ago and to 4 weeks from now. But according to the code,
> 'to' is created relatively to from not now:
>
> ssh-keygen.c:
> 1740 if (*from == '-' || *from == '+')
> 1741 cert_valid_from = parse_relative_time(from, now);
> 1742 else
> 1743 cert_valid_from = parse_absolute_time(from);
> 1744
> 1745 if (*to == '-' || *to == '+')
> 1746 cert_valid_to = parse_relative_time(to, cert_valid_from);
> 1747 else
> 1748 cert_valid_to = parse_absolute_time(to);
>
> What is right? The man page or the code?
The manpage should be right. I've fixed this for openssh-6.4.
Thanks,
Damien
More information about the openssh-unix-dev
mailing list