Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use default duration for host certificates identity files.

Browse Source
This commit is contained in:
Mariano Cano 2019-11-26 19:09:01 -08:00
parent f99d1007bc
commit 1a94c0df94
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/ssh.go
View File

@ -306,9 +306,13 @@ func (h *caHandler) SSHSign(w http.ResponseWriter, r *http.Request) {
// Sign identity certificate if available.
var identityCertificate []Certificate
if cr := body.IdentityCSR.CertificateRequest; cr != nil {
opts := provisioner.Options{
NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
NotAfter: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),
var opts provisioner.Options
// Use same duration as ssh certificate for user certificates
if body.CertType == provisioner.SSHUserCert {
opts = provisioner.Options{
NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
NotAfter: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),
}
}
ctx := authority.NewContextWithSkipTokenReuse(context.Background())
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)