author | Julian Andres Klode <jak@debian.org> | 2017-06-28 17:17:37 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2017-06-28 17:34:51 +0200 |
commit | 147ac0fc90d972a11f5e91521ba3d385015b5945 | |
tree | 73ebcc2e77478d86ada6af081f479b6b33986039 | |
parent | c81b83864b7da79250a210ea7c49b5b03a4b2b16 | |
Introduce Acquire::AllowTLS to turn off TLS support
As requested by Henrique de Moraes Holschuh, here comes
an option to disable TLS support. If the option is set
to false, the internal TLS layer is disabled.
-rw-r--r-- | doc/apt.conf.5.xml | 9 |
-rw-r--r-- | doc/examples/configure-index | 2 |
-rw-r--r-- | methods/connect.cc | 3 |
3 files changed, 14 insertions, 0 deletions
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index 260c66c46..54ed78c95 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -357,6 +357,15 @@ APT::Compressor::rev { </para></listitem> </varlistentry> + <varlistentry><term><option>AllowTLS</option></term> + <listitem><para> + Allow use of the internal TLS support in the http method. If set to false, + this completely disables support for TLS in apt's own methods (excluding + the curl-based https method). No TLS-related functions will be called + anymore. + </para></listitem> + </varlistentry> + <varlistentry><term><option>PDiffs</option></term> <listitem><para>Try to download deltas called <literal>PDiffs</literal> for indexes (like <filename>Packages</filename> files) instead of diff --git a/doc/examples/configure-index b/doc/examples/configure-index index aada67bf5..a48d4cb99 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -206,6 +206,8 @@ Acquire Source-Symlinks "<BOOL>"; ForceHash "<STRING>"; // hashmethod used for expected hash: sha256, sha1 or md5sum + AllowTLS "<BOOL>"; // whether support for tls is enabled + PDiffs "<BOOL>"; // try to get the IndexFile diffs PDiffs::FileLimit "<INT>"; // don't use diffs if we would need more than 4 diffs PDiffs::SizeLimit "<INT>"; // don't use diffs if size of all patches excess X% of the size of the original file diff --git a/methods/connect.cc b/methods/connect.cc index e48008214..0103b5873 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -640,6 +640,9 @@ struct TlsFd : public MethodFd bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd, unsigned long Timeout, aptMethod *Owner) { + if (_config->FindB("Acquire::AllowTLS", true) == false) + return _error->Error("TLS support has been disabled: Acquire::AllowTLS is false."); + int err; TlsFd *tlsFd = new TlsFd(); |
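Review bot: The new AllowTLS entry in doc/apt.conf.5.xml states neither the default nor what happens when the option is off. The guard in methods/connect.cc reads the option with a default of true and makes UnwrapTLS return the error "TLS support has been disabled: Acquire::AllowTLS is false.", so the paragraph should say that the option defaults to true and that UnwrapTLS fails with that error when it is false. The scope is also worded two ways in one paragraph ("in the http method" and "apt's own methods"); pick one.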
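Review bot: The comment on the AllowTLS line in doc/examples/configure-index, "whether support for tls is enabled", is broader than the manual page text added in this same patch, which limits the option to apt's internal TLS support and excludes the curl-based https method. Suggest "whether the internal TLS support is enabled", with TLS capitalised as in the option name.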
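Review bot: The new guard at the top of UnwrapTLS in methods/connect.cc comes without a test: the diffstat lists two documentation files and connect.cc only. A case that sets Acquire::AllowTLS to false and checks that a connection needing TLS stops with this error would pin the behaviour the documentation promises ("No TLS-related functions will be called anymore"). The placement before "TlsFd *tlsFd = new TlsFd();" is right, since the early return allocates nothing.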