# Sample Configuration File for Privoxy 3.0.29
#
-# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
#
#####################################################################
# #
# result in DNS traffic.
#
# If the specified address isn't available on the system, or if
-# the hostname can't be resolved, Privoxy will fail to start.
+# the hostname can't be resolved, Privoxy will fail to start. On
+# GNU/Linux, and other platforms that can listen on not yet
+# assigned IP addresses, Privoxy will start and will listen on
+# the specified address whenever the IP address is assigned to
+# the system
#
# IPv6 addresses containing colons have to be quoted by
# brackets. They can only be used if Privoxy has been compiled
# # Define a couple of tags, the described effect requires action sections
# # that are enabled based on CLIENT-TAG patterns.
# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
-# disable-content-filters Disable content-filters but do not affect other actions
-#
+# client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
#
#
# 6.17. client-tag-lifetime
# This directive specifies the directory where the CA key, the
# CA certificate and the trusted CAs file are located.
#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
+#
# Examples:
#
# ca-directory /usr/local/etc/privoxy/CA
# This directive specifies the name of the CA certificate file
# in ".crt" format.
#
-# It can be generated with: openssl req -new -x509 -extensions
-# v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+# The file is used by Privoxy to generate website certificates
+# when https inspection is enabled with the https-inspection
+# action.
+#
+# Privoxy clients should import the certificate so that they can
+# validate the generated certificates.
+#
+# The file can be generated with: openssl req -new -x509
+# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
#
# Examples:
#
# Notes:
#
# This directive specifies the directory where generated TLS/SSL
-# keys and certificates are saved.
+# keys and certificates are saved when https inspection is
+# enabled with the https-inspection action.
+#
+# The keys and certificates currently have to be deleted
+# manually when changing the ca-cert-file and the ca-cert-key.
+#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
#
# Examples:
#
# Notes:
#
# This directive specifies the trusted CAs file that is used
-# when validating certificates for intercepted TLS/SSL request.
+# when validating certificates for intercepted TLS/SSL requests.
#
# An example file can be downloaded from https://curl.haxx.se/ca
# /cacert.pem.