Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 52 |
1 files changed, 8 insertions, 44 deletions
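diff --git a/ssh-keygen.c b/ssh-keygen.c
index f9091951e..14dc261f1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.280 2015/11/18 08:37:28 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.281 2015/11/19 01:08:55 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1487,44 +1487,6 @@ do_change_comment(struct passwd *pw)
 exit(0);
 }
 
-static const char *
-fmt_validity(u_int64_t valid_from, u_int64_t valid_to)
-{
-char from[32], to[32];
-static char ret[64];
-time_t tt;
-struct tm *tm;
-
-*from = *to = '\0';
-if (valid_from == 0 && valid_to == 0xffffffffffffffffULL)
-return "forever";
-
-if (valid_from != 0) {
-/* XXX revisit INT_MAX in 2038 :) */
-tt = valid_from > INT_MAX ? INT_MAX : valid_from;
-tm = localtime(&tt);
-strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
-}
-if (valid_to != 0xffffffffffffffffULL) {
-/* XXX revisit INT_MAX in 2038 :) */
-tt = valid_to > INT_MAX ? INT_MAX : valid_to;
-tm = localtime(&tt);
-strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);
-}
-
-if (valid_from == 0) {
-snprintf(ret, sizeof(ret), "before %s", to);
-return ret;
-}
-if (valid_to == 0xffffffffffffffffULL) {
-snprintf(ret, sizeof(ret), "after %s", from);
-return ret;
-}
-
-snprintf(ret, sizeof(ret), "from %s to %s", from, to);
-return ret;
-}
-
 static void
 add_flag_option(struct sshbuf *c, const char *name)
 {
@@ -1618,7 +1580,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
 int r, i, fd;
 u_int n;
 struct sshkey *ca, *public;
-char *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
+char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
 FILE *f;
 
 #ifdef ENABLE_PKCS11
@@ -1693,13 +1655,15 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
 fclose(f);
 
 if (!quiet) {
+sshkey_format_cert_validity(public->cert,
+valid, sizeof(valid));
 logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
 "valid %s", sshkey_cert_type(public),
 out, public->cert->key_id,
 (unsigned long long)public->cert->serial,
 cert_principals != NULL ? " for " : "",
 cert_principals != NULL ? cert_principals : "",
-fmt_validity(cert_valid_from, cert_valid_to));
+valid);
 }
 
 sshkey_free(public);
@@ -1899,7 +1863,7 @@ show_options(struct sshbuf *optbuf, int in_critical)
 static void
 print_cert(struct sshkey *key)
 {
-char *key_fp, *ca_fp;
+char valid[64], *key_fp, *ca_fp;
 u_int i;
 
 key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
@@ -1907,6 +1871,7 @@ print_cert(struct sshkey *key)
 fingerprint_hash, SSH_FP_DEFAULT);
 if (key_fp == NULL || ca_fp == NULL)
 fatal("%s: sshkey_fingerprint fail", __func__);
+sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
 
 printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
 sshkey_cert_type(key));
@@ -1915,8 +1880,7 @@ print_cert(struct sshkey *key)
 sshkey_type(key->cert->signature_key), ca_fp);
 printf(" Key ID: \"%s\"\n", key->cert->key_id);
 printf(" Serial: %llu\n", (unsigned long long)key->cert->serial);
-printf(" Valid: %s\n",
-fmt_validity(key->cert->valid_after, key->cert->valid_before));
+printf(" Valid: %s\n", valid);
 printf(" Principals: ");
 if (key->cert->nprincipals == 0)
 printf("(none)\n");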
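Review bot: `valid` in both do_ca_sign() and print_cert() is an uninitialised 64-byte stack buffer that is passed to a `%s` conversion right after `sshkey_format_cert_validity()` returns, so both call sites are only safe if that helper always leaves a NUL-terminated string in the buffer. The helper's definition is not part of this file's diff, so that contract cannot be confirmed from here; giving the buffer an initialiser (`valid[64] = ""`) or adding a comment such as `/* sshkey_format_cert_validity() always NUL-terminates */` at each call would make the dependency explicit. The size 64 is also repeated as a bare literal in two functions and would read better as a single named constant shared with the helper's expected maximum. Both functions begin or continue outside the hunks shown.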