-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssh_key::Certificate
fails to parse certificates created without an expiration date
#174
Comments
It would probably just make sense to get rid of |
That works as well. I guess the topic should be discussed in the OpenSSH bugtracker if at all because I am not quite sure how I would implement this given the requirement for protocol/format compatibility across versions. |
`ssh-keygen` uses `i64::MAX` as its placeholder value for certificates which last "forever". This allows such certificates to parse, albeit at the cost of allowing all sorts of bogus timestamps. Closes #174
|
I just tried it with the new 0.6.3 release and the sample certificate still fails to parse. I think this is due to the max being defined as This function that checks certificate time validity in OpenSSH might be of interest. |
Note the value is defined in terms of However I guess I'll need to add a test vector for one of these certificates, but this is absolutely obnoxious, and a unexpiring certificates are a horrible antipattern (which appears to be the default? What were they thinking?) |
Fixing this will likely require breaking changes, since I guess we'll need to replace every single place a certificate can expire with an Will go ahead and reopen this, but I'm not looking forward to solving it. It would seem to create a lot of opportunities for bugs in something that was otherwise straightforward, to support something which is a bad idea to begin with. |
Closes #174 Previously certificates only supported the `i64` range to allow for infallible conversions to/from `SystemTime`. Unfortunately OpenSSH defaults to using `u64::MAX` as the `valid_before` time in order to represent certificate that's valid "forever". The previous restriction meant that `ssh-key` was incapible of parsing such certificates. This commit switches to using a raw `u64` everywhere, and changing conversions to `SystemTime` to return an `Option<SystemTime>` which is `None` if the `u64` value overflows an `i64`.
Closes #174 Previously certificates only supported the `i64` range to allow for infallible conversions to/from `SystemTime`. Unfortunately OpenSSH defaults to using `u64::MAX` as the `valid_before` time in order to represent certificate that's valid "forever". The previous restriction meant that `ssh-key` was incapible of parsing such certificates. This commit switches to using a raw `u64` everywhere, and changing conversions to `SystemTime` to return an `Option<SystemTime>` which is `None` if the `u64` value overflows an `i64`.
Closes #174 Previously certificates only supported the `i64` range to allow for infallible conversions to/from `SystemTime`. Unfortunately OpenSSH defaults to using `u64::MAX` as the `valid_before` time in order to represent certificate that's valid "forever". The previous restriction meant that `ssh-key` was incapible of parsing such certificates. This commit switches to using a raw `u64` everywhere, and changing conversions to `SystemTime` to return an `Option<SystemTime>` which is `None` if the `u64` value overflows an `i64`.
Closes #174 Previously certificates only supported the `i64` range to allow for infallible conversions to/from `SystemTime`. Unfortunately OpenSSH defaults to using `u64::MAX` as the `valid_before` time in order to represent certificate that's valid "forever". The previous restriction meant that `ssh-key` was incapible of parsing such certificates. This commit switches to using a raw `u64` everywhere, and changing conversions to `SystemTime` to return an `Option<SystemTime>` which is `None` if the `u64` value overflows an `i64`.
Closes #174 Previously certificates only supported the `i64` range to allow for infallible conversions to/from `SystemTime`. Unfortunately OpenSSH defaults to using `u64::MAX` as the `valid_before` time in order to represent certificate that's valid "forever". The previous restriction meant that `ssh-key` was incapible of parsing such certificates. This commit switches to using a raw `u64` everywhere, and changing conversions to `SystemTime` to return an `Option<SystemTime>` which is `None` if the `u64` value overflows an `i64`.
Hi,
Upon trying out the certificate parser to learn about OpenSSH's certificate structure I discovered that certificates generated without an expiry date fail to be parsed with a
Time
error.When creating a certificate without expiry OpenSSH decides to set the valid_after to 0 and valid_before to i64::Max which is a lot higher than the limit discussed in ssh-key/src/certificate/unix_time.rs L11-17. While I do understand that absurd values make no sense I think failing to parse a perfectly valid certificate is bad.
Could you maybe add a special case to UnixTime specifically for
i64::MAX
that denotes the key does not expire?Steps to reproduce (OpenSSH 9.5):
The text was updated successfully, but these errors were encountered: