You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ssh-key: accept u64::MAX as OpenSSH "no expiry" sentinel in UnixTime
OpenSSH PROTOCOL.certkeys specifies that valid_before=0xffffffffffffffff
(u64::MAX) means the certificate never expires. Previously UnixTime::new
rejected this value because it exceeds MAX_SECS (i64::MAX), causing
Certificate parsing to fail for any cert generated without an explicit
validity window (e.g. ssh-keygen -s ca -h key.pub without -V).
Add FOREVER_SECS=u64::MAX constant. In new(), cap its SystemTime
representation at MAX_SECS to keep a valid SystemTime while preserving
the raw secs value for round-trip encoding correctness.
Fixes: #503
0 commit comments