[sshd] Add support to disable valid_after check
In debugging scenarios where the platform has not had a chance to
acquire time, developers may still need to SSH by presenting a
certificate that only is valid for some given time range. In these
cases, the platform time cannot be used to make a determination whether
the presented certificate is valid.
However, platform builds may default to a build date, which could make
the valid_before check reasonable. This change adds an option that build
configurations can add to their sshd_config that disables this check.
This option is meant for debugging purposes only and should not be used
in production environments.
Test: Key exchange continues to fail in the default configuration unless
the platform time is within the valid range. In configurations where
sshd_config adds this option, the platform accepts certificates so long
as the not_before time has not passed.
3 files changed