to fix an issue where valid tickets could be rejected 5 minutes after a
key rotation, where the minimum age is exactly 0 seconds.
thanks Dominik for triaging!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
return undef if !$rsa_pub;
my ($min, $max) = $get_ticket_age_range->($now, $rsa_mtime, $old);
return undef if !$rsa_pub;
my ($min, $max) = $get_ticket_age_range->($now, $rsa_mtime, $old);
+ return undef if !defined($min);
return PVE::Ticket::verify_rsa_ticket(
$rsa_pub, 'PVE', $ticket, undef, $min, $max, 1);
return PVE::Ticket::verify_rsa_ticket(
$rsa_pub, 'PVE', $ticket, undef, $min, $max, 1);