\input texinfo
-@documentencoding UTF-8
@settitle tofuproxy
@copying
-Copyright @copyright{} 2021-2022 @email{stargrave@@stargrave.org, Sergey Matveev}
+Copyright @copyright{} 2021-2023 @email{stargrave@@stargrave.org, Sergey Matveev}
@end copying
@node Top
flexible HTTP/HTTPS proxy server, TLS terminator, X.509 TOFU manager,
@url{https://en.wikipedia.org/wiki/Web_ARChive, WARC} and
@url{https://en.wikipedia.org/wiki/Gemini_(protocol), geminispace}
-browser, written on @url{https://golang.org/, Go} with following
+browser, written on @url{https://go.dev/, Go} with following
capabilities:
@itemize
use @code{SubjectAltName} extension), you can still make a decision to
forcefully trust the domain.
+@item
+CAs can have restrictions on what domains they are allowed to be served.
+
@item
Optional @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE-EE} check.
Permanent HTTP redirects are replaces with non-refreshing HTML page with
the link, to make you explicitly allow that step. Temporary redirects
are followed if it is neither @url{https://newsboat.org/, Newsboat}
+nor @url{https://www.feeder.stargrave.org/, go.stargrave.org/feeder}
user-agent, not image paths.
@item
@item
Various spying domains (advertisement, tracking counters) are denied.
-@item
-@code{HEAD} method is forbidden. Xombrero likes it too much.
-
@item
@code{www.reddit.com} is redirected to @code{old.reddit.com} (because it
works without JavaScript and looks nicer).
@end itemize
+@insertcopying
+
@include why.texi
+@include install.texi
@include usage.texi
@include spies.texi
@include certs.texi
@include tlsauth.texi
+@include restricted.texi
@include httpauth.texi
@include warcs.texi
@include gemini.texi