Mailing List Archive

[Bug 3468] Validity interval changes during Daylight Saving Time
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
It's arguably correct - the validity intervals are defined to operate
in the local TZ.

That being said, it is potentially surprising. I have been thinking of
allowing -V to accept less ambiguous time specifications, specifically:

- raw seconds-since-epoch, as hex (0x...) values
- exact date/times in the UTC TZ, as "UTCYYYYMMDD[HHMMSS]"

Would this help you?

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3468] Validity interval changes during Daylight Saving Time [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |dtucker@dtucker.net
Assignee|unassigned-bugs@mindrot.org |djm@mindrot.org
Attachment #3611| |ok?(dtucker@dtucker.net)
Flags| |

--- Comment #5 from Damien Miller <djm@mindrot.org> ---
Created attachment 3611
--> https://bugzilla.mindrot.org/attachment.cgi?id=3611&action=edit
Implement 'Z' suffix and raw hex seconds-since-epoch

This implements the Z suffix and 0x-prefixed hex values for
seconds-since-epoch.

I didn't go with '@decimal' for the latter as IMO these are mostly
intended for interfacing with other tools (inc. tests) and are a bit
easier to tell apart from something date/time-shaped and consequently
less likely to enter accidentally.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3468] Validity interval changes during Daylight Saving Time [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3612| |ok?(dtucker@dtucker.net)
Flags| |

--- Comment #6 from Damien Miller <djm@mindrot.org> ---
Created attachment 3612
--> https://bugzilla.mindrot.org/attachment.cgi?id=3612&action=edit
unit test for parse_absolute_time(), including forced UTC conversions

Regress test for library function.

I should note that the underlying parse_absolute_time() function is
used in a few places, so the previous diff updates the manpages for the
other places the additional UTC dates can be reached.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3468] Validity interval changes during Daylight Saving Time [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3611|ok?(dtucker@dtucker.net) |
Flags| |
Attachment #3611|0 |1
is obsolete| |
Attachment #3613| |ok?(dtucker@dtucker.net)
Flags| |

--- Comment #7 from Damien Miller <djm@mindrot.org> ---
Created attachment 3613
--> https://bugzilla.mindrot.org/attachment.cgi?id=3613&action=edit
fixed: Implement 'Z' suffix and raw hex seconds-since-epoch

oops, original diff had a typo. Please review this

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3468] Validity interval changes during Daylight Saving Time [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3612|ok?(dtucker@dtucker.net) |ok+
Flags| |

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3468] Validity interval changes during Daylight Saving Time [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3613|ok?(dtucker@dtucker.net) |ok+
Flags| |

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3468] Validity interval changes during Daylight Saving Time [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3468

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3418
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED

--- Comment #8 from Damien Miller <djm@mindrot.org> ---
These have been committed and will be in OpenSSH 9.1.

commit b98a42afb69d60891eb0488935990df6ee571c4d
Author: djm@openbsd.org <djm@openbsd.org>
Date: Thu Aug 11 01:57:50 2022 +0000

upstream: add some tests for parse_absolute_time(), including cases

where it is forced to the UTC timezone. bz3468 ok dtucker

OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759

commit ec1ddb72a146fd66d18df9cd423517453a5d8044
Author: djm@openbsd.org <djm@openbsd.org>
Date: Thu Aug 11 01:56:51 2022 +0000

upstream: allow certificate validity intervals, sshsig verification

times and authorized_keys expiry-time options to accept dates in
the UTC time
zone in addition to the default of interpreting them in the system
time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC
if
suffixed with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.

bz3468 ok dtucker

OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3418
[Bug 3418] tracking bug for openssh-9.1
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs