Bug 3145 - Report on expired certificates in agent when using "ssh-add -l" or "ssh-add -L"
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-add
Version: -current
Hardware: All All
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2020-04-08 07:10 AEST by Paul Kapp
Modified: 2020-04-08 07:10 AEST

Description Paul Kapp 2020-04-08 07:10:31 AEST
Alternative approach to enhancement in https://bugzilla.mindrot.org/show_bug.cgi?id=2675

Include in the output of "ssh-add -l" and "ssh-add -L" indicators that a certificate in the agent is beyond the ValidUntil datetime value, giving explicit notification that the user should probably delete and renew an expired certificate.

Currently, ssh-add -l gives no visible distinction that a certificate listed is (potentially) no longer valid.  Since the actual validity check is done on the server side, local time checks may not be 100% accurate in determining the actual validity of a given time-bounded certificate, so an informational message from the client-side seems appropriate.
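
Until ssh-add reports this itself, the check the request describes can be done outside the agent. The following is an added example, not OpenSSH code and not part of the original report: it reads lines in the format printed by "ssh-add -L", walks the certificate blob as laid out in OpenSSH's PROTOCOL.certkeys, and compares valid_after/valid_before with the local clock. The function names are hypothetical, the key-type table covers only common certificate types, and the sample certificate line is constructed and unsigned.

```python
import base64, struct, time

# Length-prefixed public-key fields between nonce and serial (per PROTOCOL.certkeys).
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,                  # e, n
    "ssh-ed25519-cert-v01@openssh.com": 1,              # pk
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,      # curve, public_key
    "sk-ssh-ed25519-cert-v01@openssh.com": 2,           # pk, application
    "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com": 3,   # curve, public_key, application
}

def read_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def cert_validity(line):
    """(key_id, valid_after, valid_before) for a certificate line, None for a plain key."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in KEY_FIELDS:
        return None
    blob = base64.b64decode(parts[1])
    _, off = read_string(blob, 0)                       # key type name
    for _ in range(1 + KEY_FIELDS[parts[0]]):           # nonce + public key fields
        _, off = read_string(blob, off)
    off += 8 + 4                                        # serial (uint64), type (uint32)
    key_id, off = read_string(blob, off)
    _, off = read_string(blob, off)                     # valid principals
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return key_id.decode(), valid_after, valid_before

def agent_report(lines, now=None):
    """Classify each certificate against the local clock (advisory; the server decides)."""
    now = int(time.time()) if now is None else now
    out = []
    for kid, va, vb in filter(None, map(cert_validity, lines)):
        out.append((kid, "not yet valid" if now < va else "expired" if now >= vb else "valid"))
    return out

def sample_line(key_id, valid_after, valid_before):
    """Constructed, unsigned ed25519 certificate line for the demo (not a usable cert)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    t = b"ssh-ed25519-cert-v01@openssh.com"
    blob = (s(t) + s(bytes(32)) * 2 + struct.pack(">QI", 1, 1) + s(key_id.encode())
            + s(s(b"alice")) + struct.pack(">QQ", valid_after, valid_before) + s(b"") * 5)
    return f"{t.decode()} {base64.b64encode(blob).decode()} constructed-sample"
```

To use it against a running agent, pass the output lines of "ssh-add -L" to agent_report(); the result reflects the local clock only, as the report notes.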