@node CertTrust
@unnumbered Certificate trust management

When you encounter something requiring your attention and decision, you
will be see Tk-dialog through the @command{wish} invocation. GnuTLS'es
@command{certtool} is used for certificate information printing.

@image{dialog,,,Example dialog,.webp}

Certificate trust decision dialog (like above one) has multiple hotkeys:

@itemize
@item @code{a} -- accept and save certificate chain to disk
@item @code{o} -- accept once per session (@command{tofuproxy} running)
@item @code{r} -- reject certificate
@item @code{q} -- reject certificate really once, same as closing the window
@item @code{n} -- next page of "their" certificate chain
@item @code{p} -- previous page of "their" certificate chain
@item @code{N} -- next page of "our" certificate chain
@item @code{P} -- previous page of "our" certificate chain
@end itemize

To list currently accepted, rejected, HTTP authorized, TLS client
authenticated hosts:

@example
$ cat fifos/list-@{accepted,rejected,http-auth,tls-auth@}
@end example

To remove knowledge of the host from any of the states mentioned above:

@example
$ echo www.example.com >fifos/del-tls-auth
@end example