From 147ac0fc90d972a11f5e91521ba3d385015b5945 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Wed, 28 Jun 2017 17:17:37 +0200
Subject: Introduce Acquire::AllowTLS to turn off TLS support

As requested by Henrique de Moraes Holschuh, here comes
an option to disable TLS support. If the option is set
to false, the internal TLS layer is disabled.
---
 methods/connect.cc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'methods')

diff --git a/methods/connect.cc b/methods/connect.cc
index e48008214..0103b5873 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -640,6 +640,9 @@ struct TlsFd : public MethodFd
 bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
 	       unsigned long Timeout, aptMethod *Owner)
 {
+   if (_config->FindB("Acquire::AllowTLS", true) == false)
+      return _error->Error("TLS support has been disabled: Acquire::AllowTLS is false.");
+
    int err;
    TlsFd *tlsFd = new TlsFd();
 
-- 
cgit v1.2.3