From 9642bcffc839f4713558f927f4202ce3dd3588fd Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Fri, 27 Mar 2020 11:25:31 +0200
Subject: [CRYP-7902] Optionally check also certificates provided by packages

The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.

I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 include/consts | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include/consts')

diff --git a/include/consts b/include/consts
index 3969aad5..80548c6b 100644
--- a/include/consts
+++ b/include/consts
@@ -279,6 +279,7 @@ unset LANG
     SNORTBINARY=""
     SSHKEYSCANBINARY=""
     SSHKEYSCANFOUND=0
+    SSL_CERTIFICATE_INCLUDE_PACKAGES=0
     SSL_CERTIFICATE_PATHS=""
     SSL_CERTIFICATE_PATHS_TO_IGNORE=""
     STUNNELBINARY=""
-- 
cgit v1.2.3