Setting the Synchronization Process for Certificate Verification

To alter the way curl verifies the certificate of the server providing the vuln_track database updates, the SYNC_SSL_VERIFY_HOST constant can be used.

The constant needs to be an integer with the only possible values of 0, 1 or 2. Any other value will result in defaulting to 2.

Note:The usage of value 1 is depreciated by CURL for security reasons.

Use:

•

0 to disable certificate checking

•

1 to check the existence of a common name in the SSL peer certificate

•

2 to check the existence of a common name and also verify that it matches the hostname provided

It is recommended that this setting is not altered unless necessary, as setting it to a lower value than 2 will decrease the security.

The constant should be configured in the file /usr/local/Secunia/config.ini. A new line must be added:

SYNC_SSL_VERIFY_HOST = 2