/*
-tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
"go.stargrave.org/tofuproxy"
"go.stargrave.org/tofuproxy/fifos"
"go.stargrave.org/tofuproxy/rounds"
+ ttls "go.stargrave.org/tofuproxy/tls"
+ "go.stargrave.org/tofuproxy/warc"
)
func main() {
+ ai := flag.String("ai", "eddsa", "ecdsa|eddsa (ECDSA-256 or EdDSA algorithm)")
crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
- prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
+ prvPath := flag.String("key", "cert.pem", "Path to server PKCS#8 private key")
bind := flag.String("bind", "[::1]:8080", "Bind address")
certs := flag.String("certs", "./certs", "Directory with pinned certificates")
ccerts := flag.String("ccerts", "./ccerts", "Directory with client certificates")
fifosDir := flag.String("fifos", "fifos", "Directory with FIFOs")
notai := flag.Bool("notai", false, "Do not prepend TAI64N to logs")
warcOnly := flag.Bool("warc-only", false, "Server only WARC URIs")
+ unzstdPath := flag.String("unzstd", "cmd/zstd/unzstd", "Path to unzstd utility")
flag.Parse()
log.SetFlags(log.Lshortfile)
fifos.NoTAI = *notai
fifos.Start(*fifosDir)
- tofuproxy.Certs = *certs
- tofuproxy.CCerts = *ccerts
- tofuproxy.DNSSrv = *dnsSrv
+ ttls.Certs = *certs
+ ttls.CCerts = *ccerts
+ ttls.DNSSrv = *dnsSrv
tofuproxy.CACert = caCert
tofuproxy.CAPrv = caPrv
+ tofuproxy.X509Algo = *ai
rounds.WARCOnly = *warcOnly
+ warc.UnZSTDPath = *unzstdPath
ln, err := net.Listen("tcp", *bind)
if err != nil {