diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | man/tlsdate-helper.1 | 8 | ||||
| -rw-r--r-- | man/tlsdate.1 | 10 |
3 files changed, 17 insertions, 2 deletions
@@ -5,6 +5,7 @@ Update documentation misc src changes (retab, formatting, includes, etc) Update AppArmor profiles + Add HTTP/socks4a/socks5 proxy support and update man page documentation 0.0.2 Monday 29 Oct, 2012 Released at the Metalab in Vienna during their third #CryptoParty Add '-n' and '--dont-set-clock' option to fetch but not set time diff --git a/man/tlsdate-helper.1 b/man/tlsdate-helper.1 index 9a0e81e..f9cd951 100644 --- a/man/tlsdate-helper.1 +++ b/man/tlsdate-helper.1 @@ -6,7 +6,7 @@ tlsdate-helper \- secure parasitic rdate replacement .SH SYNOPSIS .B tlsdate-helper host port protocol ca_racket verbose certdir setclock \ -showtime timewarp leapaway +showtime timewarp leapaway proxy-type://proxyhost:proxyport .SH DESCRIPTION .B tlsdate-helper is a tool for setting the system clock by hand or by communication @@ -16,6 +16,12 @@ whichever CA racket you believe is trustworthy. By default, tlsdate-helper trusts your local CA root store - so any of these companies could assist in a MITM attack against you and you'd be screwed. +The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed: + + http://127.0.0.1:8118 + socks4a://127.0.0.1:9050 + socks5://127.0.0.1:9050 + This tool is designed to be run by hand or as a system daemon. It must be run as root or otherwise have the proper caps; it will not be able to set the system time without running as root or another privileged user. diff --git a/man/tlsdate.1 b/man/tlsdate.1 index 1fb726a..068855f 100644 --- a/man/tlsdate.1 +++ b/man/tlsdate.1 @@ -6,7 +6,7 @@ tlsdate \- secure parasitic rdate replacement .SH SYNOPSIS .B tlsdate [-hnvVstl] [-H [hostname]] [-p [port]] [-P [sslv23|sslv3|tlsv1]] \ -[--certdir [dirname]] +[--certdir [dirname]] [-x [--proxy] proxy-type://proxyhost:proxyport] .SH DESCRIPTION .B tlsdate is a tool for setting the system clock by hand or by communication @@ -39,6 +39,14 @@ This allows for certificate or certificate authority (CA) pinning. To ensure that signatures are only valid if they are signed by a specific CA or certificate, set the path to a directory containing only the desired certificates. +.IP "-x | --proxy [proxy-type://proxyhost:proxyport]" +The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed: + + http://127.0.0.1:8118 + socks4a://127.0.0.1:9050 + socks5://127.0.0.1:9050 + +The proxy support should not leak DNS requests and is suitable for use with Tor. .IP "-v | --verbose" Provide verbose output .IP "-V | --showtime" |