Various refactoring

diff --git a/README b/README
index e767a4212ad4693e1258d45107a3e39fc3775639..07ac7e14c0faef878e21816a78a202118ee463f8 100644 (file)
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-manager, WARC/Gemini browser.
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+manager, WARC/geminispace browser.

 
 Home page: http://www.tofuproxy.stargrave.org/
 
 
 Home page: http://www.tofuproxy.stargrave.org/
 

diff --git a/all.do b/all.do
index db8bcbf9fe6106b27cef871e13efb3ba8d57c6af..c4a5702e8af42b1d5da19131f4fa9cd35e52692f 100644 (file)
--- a/all.do
+++ b/all.do
@@ -1,2 +1,2 @@
-redo-ifchange cert.pem tofuproxy.cmd fifos/ensure
+redo-ifchange cert.pem tofuproxy.cmd fifos/ensure cmd/unzstd/unzstd

 mkdir -p certs ccerts
 mkdir -p certs ccerts

diff --git a/cmd/.gitignore b/cmd/.gitignore
new file mode 100644 (file)
index 0000000..895dab3
--- /dev/null
+++ b/cmd/.gitignore
@@ -0,0 +1 @@
+compile_flags.txt

diff --git a/cmd/certgen/main.go b/cmd/certgen/main.go
index 93b5e7fe0edbccd578fbf85d977dd131fb22c83b..d8f86e1af72c6d9fa4f3cc5b80690efa42af2373 100644 (file)
--- a/cmd/certgen/main.go
+++ b/cmd/certgen/main.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/cmd/enzstd/.gitignore b/cmd/enzstd/.gitignore
index aaa49382125ef784d1e209002270d6af5fc87011..6fcec772f3e2ffb71f5e3d81bf434752f5a14235 100644 (file)
--- a/cmd/enzstd/.gitignore
+++ b/cmd/enzstd/.gitignore
@@ -1,2 +1 @@
-/compile_flags.txt

 /enzstd
 /enzstd

diff --git a/cmd/enzstd/compile_flags.txt.do b/cmd/enzstd/compile_flags.txt.do
deleted file mode 100644 (file)
index 13b13f1b4c34c9452a19693a26cb2921470f7209..0000000000000000000000000000000000000000
--- a/cmd/enzstd/compile_flags.txt.do
+++ /dev/null
@@ -1 +0,0 @@
-printf "%s" "$CFLAGS $LDFLAGS" | tr " " "\n" | grep -v "^$" | sort | uniq

diff --git a/cmd/enzstd/compile_flags.txt.do b/cmd/enzstd/compile_flags.txt.do
new file mode 120000 (symlink)
index 0000000000000000000000000000000000000000..0f4f6ffdd6714194338585f4bea300c8049eefd6
--- /dev/null
+++ b/cmd/enzstd/compile_flags.txt.do
@@ -0,0 +1 @@
+../unzstd/compile_flags.txt.do
\ No newline at end of file

diff --git a/cmd/enzstd/enzstd.c b/cmd/enzstd/enzstd.c
index ee5e35a2e24c02c66b5dd08bca8bd72c6edecc36..b91ecb2bdc5938bd5c0ec4f82aa1115ad3e12ac0 100644 (file)
--- a/cmd/enzstd/enzstd.c
+++ b/cmd/enzstd/enzstd.c
@@ -1,6 +1,5 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+enzstd -- .warc.zst compressor

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify


@@ -74,7 +73,6 @@ main(int argc, char **argv)
         };
         n = fread(src, 1, srcWantSize, stdin);
         if (n < srcWantSize) {
         };
         n = fread(src, 1, srcWantSize, stdin);
         if (n < srcWantSize) {

-            fprintf(stderr, "IS: %zu %zu\n", n, srcWantSize);

             fputs("insufficient data fed\n", stderr);
             return EXIT_FAILURE;
         };
             fputs("insufficient data fed\n", stderr);
             return EXIT_FAILURE;
         };

diff --git a/cmd/tofuproxy/main.go b/cmd/tofuproxy/main.go
index 941438d1e6a45749129dbea206440a20f3624d64..b3f2a14b76decaa0efd99952d7bff9d0d9c2a3a9 100644 (file)
--- a/cmd/tofuproxy/main.go
+++ b/cmd/tofuproxy/main.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/cmd/ungzip/main.go b/cmd/ungzip/main.go
index 64ec0f7ff31d09e49ab1d2789192ce6373ed1371..d382e36651bf41746b0d79f5a9c347cd0ddb850b 100644 (file)
--- a/cmd/ungzip/main.go
+++ b/cmd/ungzip/main.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/cmd/unzstd/.gitignore b/cmd/unzstd/.gitignore
index d34d41009adeacd57a2f94bb1806c8864814e73f..f2358dce2f6f804f0388a0d94e3874b8afaee85b 100644 (file)
--- a/cmd/unzstd/.gitignore
+++ b/cmd/unzstd/.gitignore
@@ -1,2 +1 @@
-/compile_flags.txt

 /unzstd
 /unzstd

diff --git a/cmd/unzstd/unzstd.c b/cmd/unzstd/unzstd.c
index 4815251cf318cac8efd082c31fea86aebd3907a6..ada11ea7494afcab042230ea8b5b0a147c6588c3 100644 (file)
--- a/cmd/unzstd/unzstd.c
+++ b/cmd/unzstd/unzstd.c
@@ -1,6 +1,5 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+unzstd -- .warc.zst decompressor

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/cmd/warc-extract/main.go b/cmd/warc-extract/main.go
index 85bc2731d930894e387ba7ae59a536a8ad4ecd77..0dd56fd8a24cd63e177d3c7e6d493cb1b10e926d 100644 (file)
--- a/cmd/warc-extract/main.go
+++ b/cmd/warc-extract/main.go
@@ -1,6 +1,5 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+warc-extract -- WARC files data extractor

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/conn.go b/conn.go
index d2a05a2d6003695a284ca06ca80799875616feca..00c1721863ae82667fd5474833c1342cf774ee4f 100644 (file)
--- a/conn.go
+++ b/conn.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/default.cmd.do b/default.cmd.do
index 94735316a469f1442d026290060c7c72762c75c6..c2ee005ce30fcfdda95e6e7893f1b6f2a44e242a 100644 (file)
--- a/default.cmd.do
+++ b/default.cmd.do
@@ -1,3 +1,10 @@
-redo-ifchange *.go cmd/*/*.go fifos/*.go rounds/*.go warc/*.go
+redo-ifchange \
+    *.go \
+    caches/*.go \
+    cmd/$2/*.go \
+    fifos/*.go \
+    rounds/*.go \
+    tls/*.go \
+    warc/*.go

 GO_LDFLAGS="${GO_LDFLAGS:--ldflags=-s}"
 ${GO:-go} build -o $3 $GO_LDFLAGS ./cmd/${1%.cmd}
 GO_LDFLAGS="${GO_LDFLAGS:--ldflags=-s}"
 ${GO:-go} build -o $3 $GO_LDFLAGS ./cmd/${1%.cmd}

diff --git a/doc/certs.texi b/doc/certs.texi
index b109dc8fd7f4d08cc57953134f002336ce144420..9d66fa134c1a9dee1585a6193b72ae1bb8efeb44 100644 (file)
--- a/doc/certs.texi
+++ b/doc/certs.texi
@@ -1,5 +1,5 @@
 @node CertTrust
 @node CertTrust

-@section Certificate trust management
+@unnumbered Certificate trust management

 
 When you encounter something requiring your attention and decision, you
 will be see Tk-dialog through the @command{wish} invocation. GnuTLS'es
 
 When you encounter something requiring your attention and decision, you
 will be see Tk-dialog through the @command{wish} invocation. GnuTLS'es

diff --git a/doc/gemini.texi b/doc/gemini.texi
index 73acece9c107ccc1025fd36110d885f829e523d8..db44e6056b670c1be500867399f757e0dd51a8c5 100644 (file)
--- a/doc/gemini.texi
+++ b/doc/gemini.texi
@@ -1,14 +1,21 @@
 @node Gemini
 @node Gemini

-@section Geminispace
+@unnumbered Geminispace

 
 You can browse @url{https://en.wikipedia.org/wiki/Gemini_(protocol),
 geminispace} by going to @url{https://gemini/HOST/PATH}, where
 @var{HOST} and @var{PATH} are taken from ordinary gemini URL. For
 example to browse @url{gemini://gemini.circumlunar.space/docs/}, you must go
 through @command{tofuproxy} to @url{https://gemini/gemini.circumlunar.space/docs/}.
 
 You can browse @url{https://en.wikipedia.org/wiki/Gemini_(protocol),
 geminispace} by going to @url{https://gemini/HOST/PATH}, where
 @var{HOST} and @var{PATH} are taken from ordinary gemini URL. For
 example to browse @url{gemini://gemini.circumlunar.space/docs/}, you must go
 through @command{tofuproxy} to @url{https://gemini/gemini.circumlunar.space/docs/}.

+Or you can go to @url{https://gemini/gemini://gemini.circumlunar.space/docs/}
+and will be redirected to necessary URL.

 
 If you request @url{https://gemini/} URL with @code{Accept: text/gemini}
 HTTP header, then gemfiles (@file{.gmi} will be passed as-is without
 conversion to HTML.
 
 
 If you request @url{https://gemini/} URL with @code{Accept: text/gemini}
 HTTP header, then gemfiles (@file{.gmi} will be passed as-is without
 conversion to HTML.
 

+@example
+$ curl --proxy http://localhost:8080/ --header "Accept: text/gemini" \
+    https://gemini/gemini.circumlunar.space/docs/
+@end example
+

 No @code{INPUT} is supported currently.
 No @code{INPUT} is supported currently.

diff --git a/doc/httpauth.texi b/doc/httpauth.texi
new file mode 100644 (file)
index 0000000..eb98721
--- /dev/null
+++ b/doc/httpauth.texi
@@ -0,0 +1,7 @@
+@node HTTPAuth
+@unnumbered HTTP-based authentication
+
+HTTP authorization request is intercepted by @command{tofuproxy} and
+dialogue window is shown. @file{~/.netrc} file is automatically read and
+used for form inputs prefilling. You can override its path by
+@env{$NETRC} environment variable.

diff --git a/doc/index.texi b/doc/index.texi
index 7d552be9cd4dfc5995ac70f995266dd411bf72b9..84b29ba7a895221d76b788e8c3ae7f8edaa11d2e 100644 (file)
--- a/doc/index.texi
+++ b/doc/index.texi
@@ -9,137 +9,98 @@ Copyright @copyright{} 2021 @email{stargrave@@stargrave.org, Sergey Matveev}
 @node Top
 @top tofuproxy
 
 @node Top
 @top tofuproxy
 

-@itemize
-
-@item I am tired that various HTTPS clients (like browsers and feed
-aggregators) use various TLS libraries with different features. NSS,
-GnuTLS, OpenSSL... All of them sucks, comparing to Go's @code{crypto/tls}.
-
-@item I tired that everyone provides very limited certificates trust
-management capabilities, like either certificate or SPKI
-@url{https://en.wikipedia.org/wiki/Certificate_pinning, pinning} with
-@url{https://en.wikipedia.org/wiki/Trust_on_first_use, TOFU}. Even my
-beloved @url{https://en.wikipedia.org/wiki/Xombrero, Xombrero} browser
-still pins only the whole certificate, but its public key would be much
-more sufficient and convenient to work with.
-
-@item I am tired that many clients provides very few information about
-certificates and connections at all.
-
-@item I hate that hardly anyone can control (no automatic silent
-transparent following) HTTP redirections. Although Firefox had proper
-extensions for that.
-
-@item I am sick of tiny control on URLs. The best you can is to use some
-kind of @url{https://en.wikipedia.org/wiki/Privoxy, Privoxy}, but it is
-not friendly with TLS connections, obviously.
-
-@item Xombrero sometimes has problems with HTTP-based authorization.
-
-@item Hardly anyone does
-@url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
-checks.
-
-@item And there is insanity of downloading fonts.
-Why the hell people just do not send PostScript documents instead!?
-
-@item And wonderful @url{http://jpegxl.info/, JPEG XL} image format is
-not supported by most browsers. Even pretty old
-@url{https://developers.google.com/speed/webp, WebP}, that has highest
-compression ratio for lossless screenshots, is not supported everywhere.
-@url{https://aomediacodec.github.io/av1-avif/, AVIF} could be useful too.
-
-@item None of web browsers support ability to view web archives
-(@url{https://en.wikipedia.org/wiki/Web_ARChive, WARC}s). And most of
-WARC-related software is written on Python, that nowadays is close to be
-impossible to install and use with all its broken dependencies system.
-
-@item And yet another piece of software is needed for browsing the
-@url{https://en.wikipedia.org/wiki/Gemini_(protocol), geminispace}?
-Too many bicycles already!
-
-@end itemize
-
-That is why I wrote @command{tofuproxy} -- pure Go HTTP proxy, MitMing
-all HTTPS connections on the fly. It is written for my personal needs
-exclusively, so many features are just directly hard-coded, instead of
-creating some kind of complex configuration framework.
+@command{tofuproxy} is
+@url{https://www.gnu.org/philosophy/free-sw.html, free software}
+flexible HTTP/HTTPS proxy server, TLS terminator, X.509 TOFU manager,
+@url{https://en.wikipedia.org/wiki/Web_ARChive, WARC} and
+@url{https://en.wikipedia.org/wiki/Gemini_(protocol), geminispace}
+browser, written on @url{https://golang.org/, Go} with following
+capabilities:

 
 @itemize
 
 @item
 
 @itemize
 
 @item

-@strong{Effective} responses proxying, without storing them in the memory first.
+Full TLS connection termination between Web-servers and
+@command{tofuproxy} itself. TLS 1.3, session resumption, GOST
+cryptography (if built with @url{http://www.gostls13.cypherpunks.ru/,
+gostls13}) support. Connection between @command{tofuproxy} and browser
+itself uses ephemeral on-the-fly generated certificates with proper
+domain name.

 
 @item
 
 @item

-TLS connection between client and @command{tofuproxy} has the
-@strong{proper hostname} set in ephemeral on-the-fly generated
-certificate.
+@url{https://http2.github.io/, HTTP/2} (if negotiated with ALPN) and
+HTTP keep-alives are supported.

 
 @item
 
 @item

-@code{HEAD} method is forbidden.
+Default Go's @code{crypto/x509} checks are applied to all certificates.
+If they pass, then certificate chain is saved on the disk (TOFU,
+trust-on-first-use). Future connections are compared against it, warning
+you about SPKI change (SPKI pinning) and waiting for your decision
+either to accept new chain (possibly once per session), or reject it.
+Even if native Go's checks are failed (for example domain still does not
+use @code{SubjectAltName} extension), you can still make a decision to
+forcefully trust the domain.

 
 @item
 
 @item

-@code{www.reddit.com} is redirected to @code{old.reddit.com}.
+Optional @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE-EE} check.

 
 @item
 
 @item

-@url{https://habr.com/ru/all/, Хабр}'s resolution reduced images are
-redirected to their full size variants.
+TLS client certificates are supported too.

 
 @item
 
 @item

-Various @strong{spying} domains (advertisement, tracking counters) are denied.
+HTTP-based authorization requests are intercepted and user/password
+input dialogue is shown. It automatically loads initial form values from
+@file{.netrc}.

 
 @item
 
 @item

-Web @strong{fonts} downloads are forbidden.
+Permanent HTTP redirects are replaces with non-refreshing HTML page with
+the link, to make you explicitly allow that step. Temporary redirects
+are followed if it is neither @url{https://newsboat.org/, Newsboat}
+user-agent, not image paths.

 
 @item
 
 @item

-@strong{Permanent} HTTP redirects are replaced with HTML page with the link.
+JPEG XL, AVIF and WebP images are transparently transcoded to PNG,
+giving it back to the browser, not requiring it to support modern
+effective image formats.

 
 @item
 
 @item

-@strong{Temporary} HTTP redirects are replaced with HTML too, if it is
-neither @url{https://newsboat.org/, Newsboat} nor image paths.
+Ability to load, index and browse WARC web archives, that are possibly
+multi-segment/frame compressed with @command{gzip}/@command{zstd}.

 
 @item
 
 @item

-@strong{WebP} images (if it is not Xombrero), @strong{JPEG XL} and
-@strong{AVIF} are transcoded to PNG.
+Ability to browse geminispace, transparently converting gemfiles to
+HTMLs with URL rewriting.

 
 

-@item
-Default Go's checks are applied to all certificates. If they pass, then
-certificate chain is saved on the disk (@strong{TOFU}). Future
-connections are compared against it, warning you about SPKI change
-(@strong{SPKI pinning}) and waiting for your decision either to accept
-new chain (possibly once per session), or reject it.
-
-@item
-Even when native Go's checks are failed, you can still make a decision
-to forcefully trust the domain.
+@end itemize

 
 

-@item
-@strong{HTTP-based authorization} requests are intercepted and
-user/password input dialogue is shown. It automatically loads
-@strong{initial form} values from @strong{@file{.netrc}}.
+And additional personal preferences:

 
 

-@item
-TLS @strong{client certificates} supported: separate dialogue window for
-certificate choice.
+@itemize

 
 @item
 
 @item

-Optional @strong{DANE-EE} check is also made for each domain you visit.
+Various spying domains (advertisement, tracking counters) are denied.

 
 @item
 
 @item

-TLS @strong{session resumption} and @strong{keep-alives} are also supported.
+@code{HEAD} method is forbidden. Xombrero likes it too much.

 
 @item
 
 @item

-And Go itself tries also to act as a @url{https://http2.github.io/, HTTP/2}
-client too.
+@code{www.reddit.com} is redirected to @code{old.reddit.com} (because it
+works without JavaScript and looks nicer).

 
 @item
 
 @item

-Ability to load and browse @url{https://en.wikipedia.org/wiki/Web_ARChive,
-WARC} archives, possibly @command{gzip}/@command{zstd} compressed.
+@url{https://habr.com/ru/all/, Хабр}'s resolution reduced images are
+redirected to their full size variants.

 
 @item
 
 @item

-Ability to browse geminispace, by transparent conversion to HTMLs with
-URL rewriting.
+Web @strong{fonts} downloads are forbidden.

 
 @end itemize
 
 
 @end itemize
 

+@include why.texi

 @include usage.texi
 @include usage.texi

+@include spies.texi
+@include certs.texi
+@include tlsauth.texi
+@include httpauth.texi
+@include warcs.texi
+@include gemini.texi

diff --git a/doc/spies.texi b/doc/spies.texi
index afbb16a0ff53506870d261a4cffdd518cb88e3ba..67601328e9b3a8a37cb20c22631ef3a68d7dbcd8 100644 (file)
--- a/doc/spies.texi
+++ b/doc/spies.texi
@@ -1,5 +1,5 @@
 @node Spies
 @node Spies

-@section Spies
+@unnumbered Spies

 
 You can reject requests to the whole domains. As a rule some spying ones
 (for advertisements and better user experience, they say).
 
 You can reject requests to the whole domains. As a rule some spying ones
 (for advertisements and better user experience, they say).

diff --git a/doc/tlsauth.texi b/doc/tlsauth.texi
new file mode 100644 (file)
index 0000000..31ea224
--- /dev/null
+++ b/doc/tlsauth.texi
@@ -0,0 +1,28 @@
+@node TLSAuth
+@unnumbered TLS client authentication
+
+If you want to use TLS client certificates, then place them to
+@file{-ccerts} directory. If server requests for the certificate, then
+dialogue window will be shown with the subjects of known client
+certificates. You can close that window to omit certificate sending
+once. @code{NONE} (@code{n} hotkey) will remember that decision for long.
+
+To list currently saved host and certificate associations:
+
+@example
+$ cat fifos/list-tls-auth
+example.com    CN=client.example.com
+gemini.example.com     NONE
+@end example
+
+To delete one of them:
+
+@example
+$ echo example.com > fifos/del-tls-auth
+@end example
+
+To preadd:
+
+@example
+$ echo example.com path/to/client.cert.pem > fifos/add-tls-auth
+@end example

diff --git a/doc/usage.texi b/doc/usage.texi
index 6ff4cd3328a235ecb6638a91e5923a5907b57ccb..828fe349705279ed4ee13014ae1739e8c558999a 100644 (file)
--- a/doc/usage.texi
+++ b/doc/usage.texi
@@ -32,7 +32,7 @@ $ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem redo all
 
 @item
 Run @command{tofuproxy} itself. By default it will bind to
 
 @item
 Run @command{tofuproxy} itself. By default it will bind to

-@code{[::1]:8080}, use @code{[::1]:53} DNS server for DANE requests
+@code{[::1]:8080} and use @code{[::1]:53} DNS server for DANE requests

 (set to an empty string to disable DANE lookups):
 
 @example
 (set to an empty string to disable DANE lookups):
 
 @example


@@ -46,11 +46,7 @@ main.go:70: listening: [::1]:8080 dns: [::1]:53 certs: ./certs ccerts: ./ccerts
 # cat cert.pem >> /etc/ssl/cert.pem
 @end example
 
 # cat cert.pem >> /etc/ssl/cert.pem
 @end example
 

-@item Point you HTTP/HTTPS clients to @code{http://localhost:8080}.
-
-@item
-If you want to use TLS client certificates, then place them to
-@file{-ccerts} directory.
+@item Point you HTTP/HTTPS clients to @code{http://localhost:8080} proxy.

 
 @item Watch logs:
 
 
 @item Watch logs:
 


@@ -61,8 +57,3 @@ $ ( cd fifos ; ./multitail.sh )
 @image{logs,,,Example logs,.webp}
 
 @end itemize
 @image{logs,,,Example logs,.webp}
 
 @end itemize

-
-@include spies.texi
-@include certs.texi
-@include warcs.texi
-@include gemini.texi

diff --git a/doc/warcs.texi b/doc/warcs.texi
index aba62ae7d703bf7b13bbc49d9fa43f50ad420f27..b20b120e301679292c05fd1bcf991f827ee3675c 100644 (file)
--- a/doc/warcs.texi
+++ b/doc/warcs.texi
@@ -1,5 +1,5 @@
 @node WARCs
 @node WARCs

-@section WARCs management
+@unnumbered WARCs management

 
 To view WARC files, you have to load them in daemon. Responses will be
 transparently replaced from those WARCs for corresponding URIs.
 
 To view WARC files, you have to load them in daemon. Responses will be
 transparently replaced from those WARCs for corresponding URIs.


@@ -24,13 +24,13 @@ Zstandard compressed WARC, as in
 Multi-frame format is properly indexed. Dictionary at the beginning
 is also supported.
 
 Multi-frame format is properly indexed. Dictionary at the beginning
 is also supported.
 

-It is processed with with @command{unzstd} (@command{redo
-cmd/unzstd/unzstd}) utility. It eats compressed stream from
-@code{stdin}, outputs decompressed data to @code{stdout}, and prints
-each frame size with corresponding decompressed data size to 3rd file
-descriptor (if it is opened). You can adjust path to it with @code{-X
-go.stargrave.org/tofuproxy/warc.UnZSTDPath} command line option during
-building.
+It is processed with with @command{unzstd} (@file{cmd/unzstd/unzstd})
+utility. It eats compressed stream from @code{stdin}, outputs
+decompressed data to @code{stdout}, and prints each frame size with
+corresponding decompressed data size to 3rd file descriptor (if it is
+opened). You can adjust path to it with
+@code{-X go.stargrave.org/tofuproxy/warc.UnZSTDPath} command line option
+during building.

 
 @end table
 
 
 @end table
 


@@ -76,14 +76,14 @@ it contains continuation segmented records.
 
 Loading of WARC involves its whole reading and remembering where is each
 URI response is located. You can @code{echo SAVE > fifos/add-warcs} to
 
 Loading of WARC involves its whole reading and remembering where is each
 URI response is located. You can @code{echo SAVE > fifos/add-warcs} to

-save in-memory index to the disk as @file{....idx.gob} file. During
-the next load, if that file exists, it is used as index immediately,
+save in-memory index to the disk as @file{....idx.gob} files. During
+the next load, if those files exists, they are used as index immediately,

 without expensive WARC parsing.
 
 without expensive WARC parsing.
 

-@code{redo warc-extract.cmd} builds @command{warc-extract.cmd} utility,
-that uses exactly the same code for parsing WARCs. It can be used to
-check if WARCs can be successfully loaded, to list all URIs after, to
-extract some specified URI and to pre-generate @file{.idx.gob} indexes.
+@code{redo warc-extract.cmd} utility uses exactly the same code for
+parsing WARCs. It can be used to check if WARCs can be successfully
+loaded, to list all URIs after, to extract some specified URI and to
+pre-generate @file{.idx.gob} indexes.

 
 @example
 $ warc-extract.cmd -idx \
 
 @example
 $ warc-extract.cmd -idx \


@@ -98,7 +98,7 @@ $ warc-extract.cmd -uri http://some/uri \
 
 Following example can be used to create multi-frame @file{.warc.zst}
 from any kind of already existing WARCs. It has better compression ratio
 
 Following example can be used to create multi-frame @file{.warc.zst}
 from any kind of already existing WARCs. It has better compression ratio

-and much higher decompression speed.
+and much higher decompression speed, than @file{.warc.gz}.

 
 @example
 $ redo cmd/enzstd/enzstd
 
 @example
 $ redo cmd/enzstd/enzstd

diff --git a/doc/why.texi b/doc/why.texi
new file mode 100644 (file)
index 0000000..7e8aa24
--- /dev/null
+++ b/doc/why.texi
@@ -0,0 +1,60 @@
+@node Why
+@unnumbered Why I created it?
+
+@itemize
+
+@item I am tired that various HTTPS clients (like browsers and feed
+aggregators) use TLS libraries with different feature set. NSS, GnuTLS,
+OpenSSL... All of them sucks, comparing to Go's @code{crypto/tls}.
+
+@item I am tired that everyone provides very limited certificates trust
+management capabilities, like either certificate or SPKI
+@url{https://en.wikipedia.org/wiki/Certificate_pinning, pinning} with
+@url{https://en.wikipedia.org/wiki/Trust_on_first_use, TOFU}. Even my
+beloved @url{https://en.wikipedia.org/wiki/Xombrero, Xombrero} browser
+still pins only the whole certificate, but its public key would be much
+more sufficient and convenient to work with.
+
+@item I am tired that many clients provides very few information about
+certificates and connections at all.
+
+@item I hate that hardly anyone can control (no automatic silent
+transparent following) HTTP redirections. Although Firefox (I used many
+ears ago) had proper extensions for that.
+
+@item I am sick of tiny control on URLs. The best you can is to use some
+kind of @url{https://en.wikipedia.org/wiki/Privoxy, Privoxy}, but it is
+not friendly with TLS connections, obviously. Or use yet another
+browser-specific plugin.
+
+@item Xombrero sometimes has problems with HTTP-based authorization.
+
+@item Hardly anyone does
+@url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
+checks.
+
+@item And there is insanity of fonts downloading.
+Why the hell people just do not send PostScript documents instead!?
+
+@item And wonderful @url{http://jpegxl.info/, JPEG XL} image format is
+not supported by most browsers. Even pretty old
+@url{https://developers.google.com/speed/webp, WebP}, that has highest
+compression ratio for lossless screenshots, is not supported everywhere,
+especially on old browsers.
+@url{https://aomediacodec.github.io/av1-avif/, AVIF} could be useful too.
+
+@item None of web browsers has ability to view web archives
+(@url{https://en.wikipedia.org/wiki/Web_ARChive, WARC}s). And most of
+WARC-related software is written on Python, that nowadays is close to be
+impossible to install and use with all its broken dependencies system.
+
+@item And yet another piece of software is needed for browsing the
+@url{https://en.wikipedia.org/wiki/Gemini_(protocol), geminispace}?
+Too many bicycles already!
+
+@end itemize
+
+That is why I wrote @command{tofuproxy} -- pure Go HTTP proxy, MitMing
+all HTTPS connections on the fly. It is written for my personal needs
+exclusively, so many features are just directly hard-coded, instead of
+creating some kind of complex configuration framework.

diff --git a/fifos/add.go b/fifos/add.go
new file mode 100644 (file)
index 0000000..14bc088
--- /dev/null
+++ b/fifos/add.go
@@ -0,0 +1,42 @@
+/*
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fifos
+
+import (
+       "bufio"
+       "log"
+       "os"
+)
+
+func readLinesFromFIFO(p string) []string {
+       fd, err := os.OpenFile(p, os.O_RDONLY, os.FileMode(0666))
+       if err != nil {
+               log.Fatalln(err)
+       }
+       var lines []string
+       scanner := bufio.NewScanner(fd)
+       for scanner.Scan() {
+               t := scanner.Text()
+               if len(t) > 0 {
+                       lines = append(lines, t)
+               }
+       }
+       fd.Close()
+       return lines
+}

diff --git a/fifos/del.go b/fifos/del.go
index 7700baf224e7feedd57291e2608f71c704202f8a..097ddbfa10d509617f82582ace6066caced4a44e 100644 (file)
--- a/fifos/del.go
+++ b/fifos/del.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/fifos/ensure.do b/fifos/ensure.do
index 85a674badf5e9b9042b54494b53e4e6a855a4cd8..1a961be403e5e61d6fd45ba92712ba0cb27df357 100644 (file)
--- a/fifos/ensure.do
+++ b/fifos/ensure.do
@@ -5,5 +5,6 @@ for f in accepted http-auth rejected spies tls-auth warcs ; do
     [ -p list-$f ] || mkfifo list-$f
     [ -p del-$f ] || mkfifo del-$f
 done
     [ -p list-$f ] || mkfifo list-$f
     [ -p del-$f ] || mkfifo del-$f
 done

-[ -p add-spies ] || mkfifo add-spies
-[ -p add-warcs ] || mkfifo add-warcs
+for f in spies tls-auth warcs ; do
+    [ -p add-$f ] || mkfifo add-$f
+done

diff --git a/fifos/list.go b/fifos/list.go
index d8f77adc3430721f35f60587539eb9041966c2a0..1a18f58a4a7bec93003913ec7f7b7aafb6ca247c 100644 (file)
--- a/fifos/list.go
+++ b/fifos/list.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/fifos/log.go b/fifos/log.go
index b5308c84a92fe0abded01de05ef48d850729c2d6..c132cb4329c66354ce8cde3c07e339ed7a55c367 100644 (file)
--- a/fifos/log.go
+++ b/fifos/log.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/fifos/spies.go b/fifos/spies.go
index 2428ba8978a5a8351b1bd6514d4bee0ab9a32f1d..19d3c5e096e3110ec68621cd2e720c6978fbed43 100644 (file)
--- a/fifos/spies.go
+++ b/fifos/spies.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify


@@ -19,7 +19,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package fifos
 
 import (
 package fifos
 
 import (

-       "bufio"

        "log"
        "os"
 
        "log"
        "os"
 


@@ -45,19 +44,10 @@ func listSpies(p string) {
 
 func addSpy(p string) {
        for {
 
 func addSpy(p string) {
        for {

-               fd, err := os.OpenFile(p, os.O_RDONLY, os.FileMode(0666))
-               if err != nil {
-                       log.Fatalln(err)
-               }

                hosts := make(map[string]struct{})
                hosts := make(map[string]struct{})

-               scanner := bufio.NewScanner(fd)
-               for scanner.Scan() {
-                       t := scanner.Text()
-                       if len(t) > 0 {
-                               hosts[t] = struct{}{}
-                       }
+               for _, line := range readLinesFromFIFO(p) {
+                       hosts[line] = struct{}{}

                }
                }

-               fd.Close()

                for host := range hosts {
                        log.Printf("%s: adding host %s\n", p, host)
                }
                for host := range hosts {
                        log.Printf("%s: adding host %s\n", p, host)
                }

diff --git a/fifos/start.go b/fifos/start.go
index 570f4bc18828033f3ace41f9bc3a6d212f7f6622..87fb617bbbb03b7351e341c77133d3f96b3f05f6 100644 (file)
--- a/fifos/start.go
+++ b/fifos/start.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify


@@ -58,10 +58,6 @@ func Start(fifos string) {
                &caches.RejectedM, func(host string) { delete(caches.Rejected, host) },
                filepath.Join(fifos, "del-rejected"),
        )
                &caches.RejectedM, func(host string) { delete(caches.Rejected, host) },
                filepath.Join(fifos, "del-rejected"),
        )

-       go del(
-               &caches.TLSAuthCacheM, func(host string) { delete(caches.TLSAuthCache, host) },
-               filepath.Join(fifos, "del-tls-auth"),
-       )

 
        go addSpy(filepath.Join(fifos, "add-spies"))
        go del(
 
        go addSpy(filepath.Join(fifos, "add-spies"))
        go del(


@@ -85,4 +81,10 @@ func Start(fifos string) {
                },
                filepath.Join(fifos, "del-warcs"),
        )
                },
                filepath.Join(fifos, "del-warcs"),
        )

+
+       go addTLSAuth(filepath.Join(fifos, "add-tls-auth"))
+       go del(
+               &caches.TLSAuthCacheM, func(host string) { delete(caches.TLSAuthCache, host) },
+               filepath.Join(fifos, "del-tls-auth"),
+       )

 }
 }

diff --git a/fifos/tls.go b/fifos/tls.go
new file mode 100644 (file)
index 0000000..285ed3a
--- /dev/null
+++ b/fifos/tls.go
@@ -0,0 +1,62 @@
+/*
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fifos
+
+import (
+       "crypto/tls"
+       "log"
+       "strings"
+
+       "go.cypherpunks.ru/ucspi"
+       "go.stargrave.org/tofuproxy/caches"
+)
+
+func addTLSAuth(p string) {
+       for {
+               for _, line := range readLinesFromFIFO(p) {
+                       cols := strings.SplitN(line, " ", 2)
+                       if len(cols) != 2 {
+                               log.Println("invalid add-tls-auth line format")
+                               continue
+                       }
+                       if cols[1] == "NONE" {
+                               caches.TLSAuthCacheM.Lock()
+                               caches.TLSAuthCache[cols[0]] = &tls.Certificate{}
+                               caches.TLSAuthCacheM.Unlock()
+                               log.Printf("%s: added host %s: NONE\n", p, cols[0])
+                               continue
+                       }
+                       _, cert, err := ucspi.CertificateFromFile(cols[1])
+                       if err != nil {
+                               log.Fatalln(err)
+                       }
+                       prv, err := ucspi.PrivateKeyFromFile(cols[1])
+                       if err != nil {
+                               log.Fatalln(err)
+                       }
+                       caches.TLSAuthCacheM.Lock()
+                       caches.TLSAuthCache[cols[0]] = &tls.Certificate{
+                               Certificate: [][]byte{cert.Raw},
+                               PrivateKey:  prv,
+                       }
+                       caches.TLSAuthCacheM.Unlock()
+                       log.Printf("%s: added host %s: %s\n", p, cols[0], cert.Subject)
+               }
+       }
+}

diff --git a/fifos/warcs.go b/fifos/warcs.go
index ca8da6dc6c5c67c3b39392e107bed53489bfae6c..4f7dcc209d471ed7e94422d71a84403024225141 100644 (file)
--- a/fifos/warcs.go
+++ b/fifos/warcs.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify


@@ -19,7 +19,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package fifos
 
 import (
 package fifos
 
 import (

-       "bufio"

        "fmt"
        "log"
        "os"
        "fmt"
        "log"
        "os"


@@ -47,22 +46,9 @@ func listWARCs(p string) {
 
 func addWARC(p string) {
        for {
 
 func addWARC(p string) {
        for {

-               fd, err := os.OpenFile(p, os.O_RDONLY, os.FileMode(0666))
-               if err != nil {
-                       log.Fatalln(err)
-               }
-               var warcPaths []string
-               scanner := bufio.NewScanner(fd)
-               for scanner.Scan() {
-                       t := scanner.Text()
-                       if len(t) > 0 {
-                               warcPaths = append(warcPaths, t)
-                       }
-               }
-               fd.Close()
-               for _, warcPath := range warcPaths {
+               for _, warcPath := range readLinesFromFIFO(p) {

                        if warcPath == "SAVE" {
                        if warcPath == "SAVE" {

-                               if err = warc.SaveIndexes(); err != nil {
+                               if err := warc.SaveIndexes(); err != nil {

                                        log.Printf("%s: can not save index %s: %+v\n", p, warcPath, err)
                                }
                                continue
                                        log.Printf("%s: can not save index %s: %+v\n", p, warcPath, err)
                                }
                                continue


@@ -71,8 +57,7 @@ func addWARC(p string) {
                                continue
                        }
                        log.Printf("%s: adding WARC %s\n", p, warcPath)
                                continue
                        }
                        log.Printf("%s: adding WARC %s\n", p, warcPath)

-                       err = warc.Add(warcPath)
-                       if err != nil {
+                       if err := warc.Add(warcPath); err != nil {

                                log.Printf("%s: can not open %s: %+v\n", p, warcPath, err)
                                break
                        }
                                log.Printf("%s: can not open %s: %+v\n", p, warcPath, err)
                                break
                        }

diff --git a/httpauth.go b/httpauth.go
index 025c42d96bbd12cb5622d852fa683026bfcfa779..5b454cacb64d495d8bc49c1d1924f9ef4d45e250 100644 (file)
--- a/httpauth.go
+++ b/httpauth.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/denyFonts.go b/rounds/denyFonts.go
index ea29361cc887c981f4cd301e5c75754b3a266519..a460c119e84027f574872b5961a6d308a6d3c767 100644 (file)
--- a/rounds/denyFonts.go
+++ b/rounds/denyFonts.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/gemini.go b/rounds/gemini.go
index 43cf422f5db1600c832c678b503db0dfead8d6e6..8d61848397e37538f8840cf4ad5bd22460f99277 100644 (file)
--- a/rounds/gemini.go
+++ b/rounds/gemini.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify


@@ -94,6 +94,12 @@ func RoundGemini(
        }
        paths := strings.Split(strings.TrimPrefix(req.URL.Path, "/"), "/")
        host, paths = paths[0], paths[1:]
        }
        paths := strings.Split(strings.TrimPrefix(req.URL.Path, "/"), "/")
        host, paths = paths[0], paths[1:]

+       if host == "gemini:" {
+               http.Redirect(w, req, strings.Join(
+                       append([]string{GeminiEntrypoint}, paths[1:]...), "/",
+               ), http.StatusTemporaryRedirect)
+               return false, nil
+       }

        hostWithPort := host
        if !strings.Contains(hostWithPort, ":") {
                hostWithPort += GeminiPort
        hostWithPort := host
        if !strings.Contains(hostWithPort, ":") {
                hostWithPort += GeminiPort

diff --git a/rounds/habrImage.go b/rounds/habrImage.go
index c9f6fe4c7b0853a99abdc359424f67d8bd6e8b69..778fe764674c1ee0a0472d86cb0e1427070d58af 100644 (file)
--- a/rounds/habrImage.go
+++ b/rounds/habrImage.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/noHead.go b/rounds/noHead.go
index e1e32fe072620b49d7706252b68c243ea31b68c8..81163580077465f4c7386e9defbc6672f45edf3d 100644 (file)
--- a/rounds/noHead.go
+++ b/rounds/noHead.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/reddit.go b/rounds/reddit.go
index 8e7ecf3fc4586d93bd8babcd8d3eebd10bd88471..b82e363fb4a71f5ed435ebb298df00000d06032b 100644 (file)
--- a/rounds/reddit.go
+++ b/rounds/reddit.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/redirectHTML.go b/rounds/redirectHTML.go
index 6a7e1fbfd4d2789fd4f920f4b9fe157f7911cb4f..291086df5cd7d368d79ec570ade5c251184cf312 100644 (file)
--- a/rounds/redirectHTML.go
+++ b/rounds/redirectHTML.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/spy.go b/rounds/spy.go
index fcb96f8908cd2683ebc5e94cf67fd9d44516a131..5b6cec801e052302fa4498a797d4f8c4b69168ef 100644 (file)
--- a/rounds/spy.go
+++ b/rounds/spy.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/transcodeAVIF.go b/rounds/transcodeAVIF.go
index a5cf4e276c825d900df3d55e7f59326652b0d494..921587d6207ee4062a0d97cc8911f1d0032cf1a0 100644 (file)
--- a/rounds/transcodeAVIF.go
+++ b/rounds/transcodeAVIF.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/transcodeJXL.go b/rounds/transcodeJXL.go
index 1d3a58e3f8faf78787180f42e7a6be2142210a04..07b40768c7383b7b34bb9c6968c7a95d69a806fb 100644 (file)
--- a/rounds/transcodeJXL.go
+++ b/rounds/transcodeJXL.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/transcodeWebP.go b/rounds/transcodeWebP.go
index 82d3661b85970b9504be2115ba6af2dfbae8c060..a3682abe809e80970d6afdd792efcb94506c0d48 100644 (file)
--- a/rounds/transcodeWebP.go
+++ b/rounds/transcodeWebP.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/rounds/warc.go b/rounds/warc.go
index 0ca47777a5f939055daf74fb348eca7e2a0567f7..16dee3c86c23b7a99cb0e127bf82a186c86335d2 100644 (file)
--- a/rounds/warc.go
+++ b/rounds/warc.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/tls.go b/tls.go
index ffd5084e28695822b346352f2e65461b1b9879a6..4a4de46f04431196eede60ffccf5b17dde76e35c 100644 (file)
--- a/tls.go
+++ b/tls.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/tls/dane.go b/tls/dane.go
index 22fad5dd6e5cccc9e3c34e9b579d88a821138cbc..ac05a0c4bb70c3b7d31caf3bb1f373e09496d88d 100644 (file)
--- a/tls/dane.go
+++ b/tls/dane.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/tls/dial.go b/tls/dial.go
index a22dc5fa8bf549c654cc474bdc44cd3385f7762d..fe9ea75e10887ec601d61952f5b3dcb1bff289bf 100644 (file)
--- a/tls/dial.go
+++ b/tls/dial.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/tls/tlsauth.go b/tls/tlsauth.go
index 1d47670d9d2d2d70e47c2464c997c168a4851f01..71b30cdc3f3657311b5b742b677915f4dabbaaf8 100644 (file)
--- a/tls/tlsauth.go
+++ b/tls/tlsauth.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/tls/verify.go b/tls/verify.go
index 467dbb3fe3dfef3c32cf89c4770a2a296c8d6848..5857b84c0bed94602ffb84b591c3247e23913b6b 100644 (file)
--- a/tls/verify.go
+++ b/tls/verify.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/trip.go b/trip.go
index 60262295ed5f2c3d91db632d30b9f7c4d9b6bced..73807a7967b418499fd38839559efa470170ddcc 100644 (file)
--- a/trip.go
+++ b/trip.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/compressed.go b/warc/compressed.go
index 06fc53e3b79e0b88f01d5ed76aa6c81a0a9a0940..db37207a8a77ea91a3145a49c65bcd076c28e86a 100644 (file)
--- a/warc/compressed.go
+++ b/warc/compressed.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/gzip.go b/warc/gzip.go
index f68da5c46b53d51885fa5166753d7c5d82db719d..de1a863aadf48ae44e21540a66c29c2f6722d4da 100644 (file)
--- a/warc/gzip.go
+++ b/warc/gzip.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/header.go b/warc/header.go
index 53a6d414a77fd1b80a1d7f3662d1044a171a7840..851113332e5b4aaafb043f9bdc0f2f2f0096eb2f 100644 (file)
--- a/warc/header.go
+++ b/warc/header.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/open.go b/warc/open.go
index f802bbdbba23056b872975da3384bd54385acd3b..e742f9e6792dd0e8592d51398d87987f483848bb 100644 (file)
--- a/warc/open.go
+++ b/warc/open.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/reader.go b/warc/reader.go
index e73413622902c12b25f67c060d3a9339a6fa9137..9e0c3d7a4dc68f2913b5d17cd4a2f3bbeef715fd 100644 (file)
--- a/warc/reader.go
+++ b/warc/reader.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/record.go b/warc/record.go
index 3a9843571a05e53bb86e8756a09a8674aa7c0276..039850848e1548370f24ccac04a9cbc8c8ed25a3 100644 (file)
--- a/warc/record.go
+++ b/warc/record.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/uncompressed.go b/warc/uncompressed.go
index 5164e3dc5e51ffe7d387202602bee259eca1cf39..9b54f333e81585100b19e1bfe25fb13db7319cd1 100644 (file)
--- a/warc/uncompressed.go
+++ b/warc/uncompressed.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/warc/uris.go b/warc/uris.go
index 12bf70d6abb6b259861451ae1684bfcac038770a..ea1ed31fb7f23d425d7f50f8982ca6540c6bcb74 100644 (file)
--- a/warc/uris.go
+++ b/warc/uris.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify

diff --git a/x509.go b/x509.go
index f4e4e7fb77a2df938d1fee7dc54e887ace881ba3..96848cce7ff48d7bb7c8977c07c012b07425cd3c 100644 (file)
--- a/x509.go
+++ b/x509.go
@@ -1,6 +1,6 @@
 /*
 /*

-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
-             manager, WARC/Gemini browser
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+             manager, WARC/geminispace browser

 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify