Petr Lautrbach
2013-Oct-18 13:31 UTC
confusing documentation for ssh-keygen -V validity_interval
Hello,
ssh-keygen.1 says that:
-V validity_interval
For example: "+52w1d" (valid from now to 52 weeks and one day from
now),
"-4w:+4w" (valid from four weeks ago to four weeks from now),
This sounds like the interval is from 4 weeks ago to 4 weeks from now. But
according to the code,
'to' is created relative to 'from', not now:
ssh-keygen.c:
    if (*from == '-' || *from == '+')
        cert_valid_from = parse_relative_time(from, now);
    else
        cert_valid_from = parse_absolute_time(from);

    if (*to == '-' || *to == '+')
        cert_valid_to = parse_relative_time(to, cert_valid_from);
    else
        cert_valid_to = parse_absolute_time(to);
What is right? The man page or the code?
Thanks,
Petr
--
Petr Lautrbach
Security Technologies
Red Hat
Damien Miller
2013-Oct-23 05:32 UTC
confusing documentation for ssh-keygen -V validity_interval
On Fri, 18 Oct 2013, Petr Lautrbach wrote:
> ssh-keygen.1 says that:
>
> -V validity_interval
>
> For example: "+52w1d" (valid from now to 52 weeks and one day from now),
> "-4w:+4w" (valid from four weeks ago to four weeks from now),
>
> This sounds like the interval is from 4 weeks ago to 4 weeks from now. But according to the code,
> 'to' is created relative to 'from', not now:
>
> ssh-keygen.c:
>     if (*from == '-' || *from == '+')
>         cert_valid_from = parse_relative_time(from, now);
>     else
>         cert_valid_from = parse_absolute_time(from);
>
>     if (*to == '-' || *to == '+')
>         cert_valid_to = parse_relative_time(to, cert_valid_from);
>     else
>         cert_valid_to = parse_absolute_time(to);
>
> What is right? The man page or the code?
The manpage should be right. I've fixed this for openssh-6.4.
Thanks,
Damien
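The two readings of "-4w:+4w" discussed in this thread, computed side by side in an added example that is not part of either message and is not OpenSSH code. `rel_time()` and `interval()` are hypothetical, simplified helpers that handle only relative `from:to` specs with assumed units s/m/h/d/w, and the "now" value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for parse_relative_time(): applies a signed
 * span such as "-4w" or "+52w1d", ending at stop, to base. 0 on success. */
static int rel_time(const char *s, char stop, int64_t base, int64_t *out)
{
	static const char units[] = "smhdw";
	static const int64_t secs[] = { 1, 60, 3600, 86400, 604800 };
	int64_t total = 0, sign = (*s == '-') ? -1 : 1;
	const char *p = s + 1, *u;
	char *end;

	if ((*s != '-' && *s != '+') || *p == stop)
		return -1;		/* no sign, or sign with no span */
	for (; *p != stop; p = end + 1) {
		if (*p < '0' || *p > '9')
			return -1;
		long n = strtol(p, &end, 10);
		if (*end == '\0' || (u = strchr(units, *end)) == NULL)
			return -1;	/* missing or unknown unit */
		total += n * secs[u - units];
	}
	*out = base + sign * total;
	return 0;
}

/* Resolve a relative "from:to" spec. to_from_now = 0 mirrors the quoted
 * ssh-keygen.c lines ("to" counted from "from"); 1 is the man page reading. */
static int interval(const char *spec, int64_t now, int to_from_now,
    int64_t *from, int64_t *to)
{
	const char *colon = strchr(spec, ':');
	if (colon == NULL || rel_time(spec, ':', now, from) != 0)
		return -1;
	return rel_time(colon + 1, '\0', to_from_now ? now : *from, to);
}

int main(void)
{
	int64_t now = 1382103060, f, t;	/* constructed, fixed "now" */
	for (int mode = 0; mode <= 1; mode++)
		if (interval("-4w:+4w", now, mode, &f, &t) == 0)
			printf("%s: from=now%+lld to=now%+lld\n", mode ? "man page" :
			    "quoted code", (long long)(f - now), (long long)(t - now));
	return 0;
}
```

With "to" counted from "from", as in the quoted lines, "-4w:+4w" yields an end time equal to now, so the validity window closes at the moment of signing instead of four weeks later.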