-/*
-tofuproxy -- HTTP proxy with TLS certificates management
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
+// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+// manager, WARC/geminispace browser
+// Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
package main
"net"
"net/http"
- "go.cypherpunks.ru/ucspi"
+ "go.cypherpunks.su/ucspi/v2"
"go.stargrave.org/tofuproxy"
"go.stargrave.org/tofuproxy/fifos"
+ "go.stargrave.org/tofuproxy/rounds"
+ ttls "go.stargrave.org/tofuproxy/tls"
+ "go.stargrave.org/tofuproxy/warc"
)
func main() {
+ ai := flag.String("ai", "eddsa", "ecdsa|eddsa (ECDSA-256 or EdDSA algorithm)")
crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
- prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
+ prvPath := flag.String("key", "cert.pem", "Path to server PKCS#8 private key")
bind := flag.String("bind", "[::1]:8080", "Bind address")
certs := flag.String("certs", "./certs", "Directory with pinned certificates")
ccerts := flag.String("ccerts", "./ccerts", "Directory with client certificates")
dnsSrv := flag.String("dns", "[::1]:53", "DNS server")
fifosDir := flag.String("fifos", "fifos", "Directory with FIFOs")
notai := flag.Bool("notai", false, "Do not prepend TAI64N to logs")
+ warcOnly := flag.Bool("warc-only", false, "Server only WARC URIs")
+ unzstdPath := flag.String("unzstd", "cmd/zstd/unzstd", "Path to unzstd utility")
flag.Parse()
log.SetFlags(log.Lshortfile)
}
fifos.NoTAI = *notai
- fifos.FIFOs = *fifosDir
- fifos.Init()
- tofuproxy.Certs = *certs
- tofuproxy.CCerts = *ccerts
- tofuproxy.DNSSrv = *dnsSrv
+ fifos.Start(*fifosDir)
+ ttls.Certs = *certs
+ ttls.CCerts = *ccerts
+ ttls.DNSSrv = *dnsSrv
tofuproxy.CACert = caCert
tofuproxy.CAPrv = caPrv
+ tofuproxy.X509Algo = *ai
+ rounds.WARCOnly = *warcOnly
+ warc.UnZSTDPath = *unzstdPath
ln, err := net.Listen("tcp", *bind)
if err != nil {