- djm@cvs.openbsd.org 2013/10/23 04:16:22
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b8d5545..b664a5f 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.234 2013/09/02 22:00:34 deraadt Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.235 2013/10/23 04:16:22 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1743,7 +1743,7 @@
cert_valid_from = parse_absolute_time(from);
if (*to == '-' || *to == '+')
- cert_valid_to = parse_relative_time(to, cert_valid_from);
+ cert_valid_to = parse_relative_time(to, now);
else
cert_valid_to = parse_absolute_time(to);