<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="PROGRAMLISTING"> debug 1 # Log the destination for each request <span class=
- "APPLICATION">Privoxy</span> let through. See also debug 1024.
+ <pre class=
+ "PROGRAMLISTING"> debug 1 # Log the destination for each request. See also debug 1024.
debug 2 # show each connection status
debug 4 # show I/O status
debug 8 # show header parsing
destination part are optional.</p>
<p>If your system implements <a href="http://tools.ietf.org/html/rfc3493" target="_top">RFC 3493</a>,
then <tt class="REPLACEABLE"><i>src_addr</i></tt> and <tt class="REPLACEABLE"><i>dst_addr</i></tt> can be
- IPv6 addresses delimeted by brackets, <tt class="REPLACEABLE"><i>port</i></tt> can be a number or a
+ IPv6 addresses delimited by brackets, <tt class="REPLACEABLE"><i>port</i></tt> can be a number or a
service name, and <tt class="REPLACEABLE"><i>src_masklen</i></tt> and <tt class=
"REPLACEABLE"><i>dst_masklen</i></tt> can be a number from 0 to 128.</p>
</dd>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
+ <pre class=
+ "SCREEN"> forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
forward .example.com .</pre>
</td>
</tr>
<dt>Notes:</dt>
<dd>
<p>Under high load incoming connection may queue up before Privoxy gets around to serve them. The queue
- length is limitted by the operating system. Once the queue is full, additional connections are dropped
+ length is limited by the operating system. Once the queue is full, additional connections are dropped
before Privoxy can accept and serve them.</p>
- <p>Increasing the queue length allows Privoxy to accept more incomming connections that arrive roughly at
+ <p>Increasing the queue length allows Privoxy to accept more incoming connections that arrive roughly at
the same time.</p>
<p>Note that Privoxy can only request a certain queue length, whether or not the requested length is
actually used depends on the operating system which may use a different length instead.</p>
</div>
</div>
<div class="SECT2">
- <h2 class="SECT2"><a name="TLS" id="TLS">7.7. TLS/SSL</a></h2>
+ <h2 class="SECT2"><a name="TLS" id="TLS">7.7. TLS/SSL Inspection</a></h2>
<div class="SECT3">
<h4 class="SECT3"><a name="CA-DIRECTORY" id="CA-DIRECTORY">7.7.1. ca-directory</a></h4>
<div class="VARIABLELIST">
<dd>
<p>This directive specifies the directory where the CA key, the CA certificate and the trusted CAs file
are located.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
</dd>
<dt>Examples:</dt>
<dd>
<dt>Notes:</dt>
<dd>
<p>This directive specifies the name of the CA certificate file in ".crt" format.</p>
- <p>It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt
- -days 3650</p>
+ <p>The file is used by <span class="APPLICATION">Privoxy</span> to generate website certificates when
+ https inspection is enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION"
+ target="_top">https-inspection</a></tt> action.</p>
+ <p><span class="APPLICATION">Privoxy</span> clients should import the certificate so that they can
+ validate the generated certificates.</p>
+ <p>The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
+ cacert.crt -days 3650</p>
</dd>
<dt>Examples:</dt>
<dd>
<dl>
<dt>Specifies:</dt>
<dd>
- <p>Directory to safe generated keys and certificates.</p>
+ <p>Directory to save generated keys and certificates.</p>
</dd>
<dt>Type of value:</dt>
<dd>
</dd>
<dt>Notes:</dt>
<dd>
- <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved.</p>
+ <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved when
+ https inspection is enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION"
+ target="_top">https-inspection</a></tt> action.</p>
+ <p>The keys and certificates currently have to be deleted manually when changing the <a href=
+ "#CA-CERT-FILE" target="_top">ca-cert-file</a> and the <a href="#CA-CERT-KEY" target=
+ "_top">ca-cert-key</a>.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
</dd>
<dt>Examples:</dt>
<dd>
<dt>Notes:</dt>
<dd>
<p>This directive specifies the trusted CAs file that is used when validating certificates for
- intercepted TLS/SSL request.</p>
+ intercepted TLS/SSL requests.</p>
<p>An example file can be downloaded from <a href="https://curl.haxx.se/ca/cacert.pem" target=
"_top">https://curl.haxx.se/ca/cacert.pem</a>.</p>
</dd>