-rw-r--r-- | ssh-keygen.1 | 23 | ||||
-rw-r--r-- | ssh-keygen.c | 12 |
2 files changed, 24 insertions, 11 deletions
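--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.144 2017/07/08 18:32:54 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.145 2017/11/03 05:14:04 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 8 2017 $
+.Dd $Mdocdate: November 3 2017 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -584,13 +584,20 @@ Specify a validity interval when signing a certificate.
 A validity interval may consist of a single time, indicating that the
 certificate is valid beginning now and expiring at that time, or may consist
 of two times separated by a colon to indicate an explicit time interval.
-The start time may be specified as a date in YYYYMMDD format, a time
-in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
-of a minus sign followed by a relative time in the format described in the
+.Pp
+The start time may be specified as the string
+.Dq always
+to indicate the certificate has no specified start time,
+a date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format,
+a relative time (to the current time) consisting of a minus sign followed by
+an interval in the format described in the
 TIME FORMATS section of
 .Xr sshd_config 5 .
-The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
-a relative time starting with a plus character.
+.Pp
+The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time,
+a relative time starting with a plus character or the string
+.Dq forever
+to indicate that the certificate has no expirty date.
 .Pp
 For example:
 .Dq +52w1d
@@ -601,6 +608,8 @@ For example:
 (valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
 .Dq -1d:20110101
 (valid from yesterday to midnight, January 1st, 2011).
+.Dq -1m:forever
+(valid from one minute ago and never expiring).
 .It Fl v
 Verbose mode.
 Causes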
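--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.307 2017/07/07 03:53:12 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.308 2017/11/03 05:14:04 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1832,7 +1832,7 @@ parse_absolute_time(const char *s)
 s, s + 4, s + 6, s + 8, s + 10, s + 12);
 break;
 default:
-fatal("Invalid certificate time format %s", s);
+fatal("Invalid certificate time format \"%s\"", s);
 }
 
 memset(&tm, 0, sizeof(tm));
@@ -1865,8 +1865,8 @@ parse_cert_times(char *timespec)
 
 /*
 * from:to, where
-* from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS
-* to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS
+* from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always"
+* to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever"
 */
 from = xstrdup(timespec);
 to = strchr(from, ':');
@@ -1876,11 +1876,15 @@ parse_cert_times(char *timespec)
 
 if (*from == '-' || *from == '+')
 cert_valid_from = parse_relative_time(from, now);
+else if (strcmp(from, "always") == 0)
+cert_valid_from = 0;
 else
 cert_valid_from = parse_absolute_time(from);
 
 if (*to == '-' || *to == '+')
 cert_valid_to = parse_relative_time(to, now);
+else if (strcmp(to, "forever") == 0)
+cert_valid_to = ~(u_int64_t)0;
 else
 cert_valid_to = parse_absolute_time(to);
 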
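Review bot: The two new branches in parse_cert_times assign bare sentinel values, `cert_valid_from = 0;` and `cert_valid_to = ~(u_int64_t)0;`, and nothing at the assignments says that these mean "no start time" and "no expiry" rather than ordinary timestamps. I would add a short comment to each, for example `/* 0: no lower bound on validity */` and `/* all-ones: certificate never expires */`, or define the two values as named constants and use them here. A certificate signed with "forever" has no expiry to fall back on, so retiring it depends entirely on revocation; the comment on the "forever" branch is a good place to say so. parse_cert_times begins and ends outside the hunk, so any later sanity check on the interval is not visible from here.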