Bug 3145

Summary: Report on expired certificates in agent when using "ssh-add -l" or "ssh-add -L"
Product: Portable OpenSSH Reporter: Paul Kapp <paullkapp>
Component: ssh-addAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: enhancement    
Priority: P5    
Version: -current   
Hardware: All   
OS: All   

Description Paul Kapp 2020-04-08 07:10:31 AEST 
Alternative approach to enhancement in https://bugzilla.mindrot.org/show_bug.cgi?id=2675

Include in the output of "ssh-add -l" and "ssh-add -L" indicators that a certificate in the agent is beyond the ValidUntil datetime value, giving explicit notification that the user should probably delete and renew an expired certificate.

Currently, ssh-add -l gives no visible distinction that a certificate listed is (potentially) no longer valid.  Since the actual validity check is done on the server side, local time checks may not be 100% accurate in determining the actual validity of a given time-bounded certificate, so an informational message from the client-side seems appropriate.