GnuTLS'es @url{https://www.gnutls.org/manual/html_node/certtool-Invocation.html, certtool},
@url{http://cr.yp.to/redo.html, redo} build system,
@url{https://www.tcl.tk/, Tcl/Tk}'s @command{wish} shell for GUI dialogues,
- @command{dwebp}, @command{djxl} for images transcoding,
+ @command{dwebp}, @command{djxl}, @command{avifdec} for images transcoding,
@url{https://github.com/halturin/multitail, multitail} for logs viewing.
@item Download and build @command{tofuproxy}:
@example
$ ./tofuproxy.cmd
-main.go:316: listening: [::1]:8080 certs: ./certs
+main.go:70: listening: [::1]:8080 dns: [::1]:53 certs: ./certs ccerts: ./ccerts
@end example
@item Trust your newly generated CA:
@item Point you HTTP/HTTPS clients to @code{http://localhost:8080}.
+@item
+If you want to use TLS client certificates, then place them to
+@file{-ccerts} directory.
+
+@item
+Load spying domains to reject to with:
+
+@example
+$ cat spies.txt > fifos/add-spies
+@end example
+
@item Watch logs:
@example
@image{dialog,,,Example dialog,.webp}
+@item
+Certificate trust decision dialog (like above one) has multiple hotkeys:
+
+ @itemize
+ @item @code{a} -- accept and save certificate chain to disk
+ @item @code{o} -- accept once per session (@command{tofuproxy} running)
+ @item @code{r} -- reject certificate
+ @item @code{q} -- reject certificate really once, same as closing the window
+ @item @code{n} -- next page of "their" certificate chain
+ @item @code{p} -- previous page of "their" certificate chain
+ @item @code{N} -- next page of "our" certificate chain
+ @item @code{P} -- previous page of "our" certificate chain
+ @end itemize
+
+@item
+To list currently accepted, rejected, HTTP authorized, TLS client
+authenticated hosts:
+
+@example
+$ cat fifos/list-@{accepted,rejected,http-auth,tls-auth@}
+@end example
+
+@item
+To remove knowledge of the host from any of the states mentioned above:
+
+@example
+$ echo www.example.com > fifos/del-tls-auth
+@end example
+
@end itemize