ssh-keygen -V doesn't respect DST

Darren Tucker dtucker at dtucker.net
Mon Mar 28 21:15:32 AEDT 2022


On Mon, Mar 28, 2022 at 11:23:35AM +0200, Jan Schermer wrote:
> Hi,
> we just entered DST here in Czech Republic, and my CA started generating certificates with a +1h offset:
[...]
> Any plans to fix this? Apparently I am not the only person who encountered it https://github.com/cloudtools/ssh-ca/blob/master/ssh_ca/utils.py#L72 <https://github.com/cloudtools/ssh-ca/blob/master/ssh_ca/utils.py#L72>

Assuming I'm read the man page right, I think this should fix it.

diff --git a/misc.c b/misc.c
index 85d223695..03e6e5f19 100644
--- a/misc.c
+++ b/misc.c
@@ -2429,6 +2429,7 @@ parse_absolute_time(const char *s, uint64_t *tp)
 	memset(&tm, 0, sizeof(tm));
 	if (strptime(buf, fmt, &tm) == NULL)
 		return SSH_ERR_INVALID_FORMAT;
+	tm.tm_isdst = -1;  /* auto detect DST */
 	if ((tt = mktime(&tm)) < 0)
 		return SSH_ERR_INVALID_FORMAT;
 	/* success */

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list