2 @unnumbered Certificate trust management
4 When you encounter something requiring your attention and decision, you
5 will be see Tk-dialog through the @command{wish} invocation. GnuTLS'es
6 @command{certtool} is used for certificate information printing.
8 @image{dialog,,,Example dialog,.webp}
10 Certificate trust decision dialog (like above one) has multiple hotkeys:
13 @item @code{a} -- accept and save certificate chain to disk
14 @item @code{o} -- accept once per session (@command{tofuproxy} running)
15 @item @code{r} -- reject certificate
16 @item @code{q} -- reject certificate really once, same as closing the window
17 @item @code{n} -- next page of "their" certificate chain
18 @item @code{p} -- previous page of "their" certificate chain
19 @item @code{N} -- next page of "our" certificate chain
20 @item @code{P} -- previous page of "our" certificate chain
23 To list currently accepted, rejected, HTTP authorized, TLS client
27 $ cat fifos/list-@{accepted,rejected,http-auth,tls-auth@}
30 To remove knowledge of the host from any of the states mentioned above:
33 $ echo www.example.com > fifos/del-tls-auth