diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2020-03-27 12:25:31 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2020-04-02 12:52:13 +0300 |
commit | 9642bcffc839f4713558f927f4202ce3dd3588fd (patch) | |
tree | 65293862bd65233bbeee37a03b21826c0305fb11 /include/profiles | |
parent | b5a2d11738cf72691f3b09c48a4c647a4c499277 (diff) |
[CRYP-7902] Optionally check also certificates provided by packages
The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.
I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'include/profiles')
-rw-r--r-- | include/profiles | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/profiles b/include/profiles index 328d4d49..da2124f7 100644 --- a/include/profiles +++ b/include/profiles @@ -376,6 +376,13 @@ AddSetting "ssl-certificate-paths-to-ignore" "${SSL_CERTIFICATE_PATHS_TO_IGNORE}" "Paths that should be ignored for SSL certificates" ;; + # Check also certificates provided by packages? + ssl-certificate-include-packages) + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && SSL_CERTIFICATE_INCLUDE_PACKAGES=1 + Debug "Check also certificates provided by packages set to ${SSL_CERTIFICATE_INCLUDE_PACKAGES}" + ;; + + # Set strict mode for development and quality purposes strict) FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && SET_STRICT=1 |