authorJulian Andres Klode <jak@debian.org>2017-06-28 17:17:37 +0200
committerJulian Andres Klode <jak@debian.org>2017-06-28 17:34:51 +0200
commit147ac0fc90d972a11f5e91521ba3d385015b5945 (patch)
tree73ebcc2e77478d86ada6af081f479b6b33986039
parentc81b83864b7da79250a210ea7c49b5b03a4b2b16 (diff)
Introduce Acquire::AllowTLS to turn off TLS support
As requested by Henrique de Moraes Holschuh, here comes an option to disable TLS support. If the option is set to false, the internal TLS layer is disabled.
-rw-r--r--doc/apt.conf.5.xml9
-rw-r--r--doc/examples/configure-index2
-rw-r--r--methods/connect.cc3
3 files changed, 14 insertions, 0 deletions
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 260c66c46..54ed78c95 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -357,6 +357,15 @@ APT::Compressor::rev {
</para></listitem>
</varlistentry>
+ <varlistentry><term><option>AllowTLS</option></term>
+ <listitem><para>
+ Allow use of the internal TLS support in the http method. If set to false,
+ this completely disables support for TLS in apt's own methods (excluding
+ the curl-based https method). No TLS-related functions will be called
+ anymore.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry><term><option>PDiffs</option></term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
indexes (like <filename>Packages</filename> files) instead of
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index aada67bf5..a48d4cb99 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -206,6 +206,8 @@ Acquire
Source-Symlinks "<BOOL>";
ForceHash "<STRING>"; // hashmethod used for expected hash: sha256, sha1 or md5sum
+ AllowTLS "<BOOL>"; // whether support for tls is enabled
+
PDiffs "<BOOL>"; // try to get the IndexFile diffs
PDiffs::FileLimit "<INT>"; // don't use diffs if we would need more than 4 diffs
PDiffs::SizeLimit "<INT>"; // don't use diffs if size of all patches excess X% of the size of the original file
diff --git a/methods/connect.cc b/methods/connect.cc
index e48008214..0103b5873 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -640,6 +640,9 @@ struct TlsFd : public MethodFd
bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
unsigned long Timeout, aptMethod *Owner)
{
+ if (_config->FindB("Acquire::AllowTLS", true) == false)
+ return _error->Error("TLS support has been disabled: Acquire::AllowTLS is false.");
+
int err;
TlsFd *tlsFd = new TlsFd();
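Review bot: The new guard at the top of UnwrapTLS has no comment recording that it fails closed, which is the property a later maintainer must not break. With Acquire::AllowTLS set to false the function returns an error as its first statement, before any TlsFd is allocated and without touching Fd, so Fd is still the plain connection. I would add `// Fail closed: Fd stays unwrapped here, so callers must abort on a false return and never send over it.` above the check. Whether every caller actually stops using Fd after a false return is not visible in this hunk and is worth confirming. The function body continues past the end of the hunk.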