Next: TLS client authentication, Previous: Spies, Up: tofuproxy
Certificate trust management ¶
When you encounter something requiring your attention and decision, you
will be see Tk-dialog through the wish invocation. GnuTLS’es
certtool is used for certificate information printing.
Certificate trust decision dialog (like above one) has multiple hotkeys:
a– accept and save certificate chain to disko– accept once per session (tofuproxyrunning)r– reject certificateq– reject certificate really once, same as closing the windown– next page of "their" certificate chainp– previous page of "their" certificate chainN– next page of "our" certificate chainP– previous page of "our" certificate chain
To list currently accepted, rejected, HTTP authorized, TLS client authenticated hosts:
$ cat fifos/list-{accepted,rejected,http-auth,tls-auth}
To remove knowledge of the host from any of the states mentioned above:
$ echo www.example.com >fifos/del-tls-auth