From 5b01b0dcb417eb615df77e7ce1b59319bf04342c Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 23 Oct 2013 16:31:31 +1100
Subject:    - djm@cvs.openbsd.org 2013/10/23 04:16:22      [ssh-keygen.c]     
 Make code match documentation: relative-specified certificate expiry time    
  should be relative to current time and not the validity start time.     
 Reported by Petr Lautrbach; ok deraadt@

---
 ChangeLog    | 5 +++++
 ssh-keygen.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 85cc3ec66..a4af4e897 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,11 @@
    - djm@cvs.openbsd.org 2013/10/23 03:05:19
      [readconf.c ssh.c]
      comment
+   - djm@cvs.openbsd.org 2013/10/23 04:16:22
+     [ssh-keygen.c]
+     Make code match documentation: relative-specified certificate expiry time
+     should be relative to current time and not the validity start time.
+     Reported by Petr Lautrbach; ok deraadt@
 
 20131018
  - (djm) OpenBSD CVS Sync
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b8d55452d..b664a5f1f 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.234 2013/09/02 22:00:34 deraadt Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.235 2013/10/23 04:16:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1743,7 +1743,7 @@ parse_cert_times(char *timespec)
 		cert_valid_from = parse_absolute_time(from);
 
 	if (*to == '-' || *to == '+')
-		cert_valid_to = parse_relative_time(to, cert_valid_from);
+		cert_valid_to = parse_relative_time(to, now);
 	else
 		cert_valid_to = parse_absolute_time(to);
 
-- 
cgit v1.2.3