X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=config;h=ccf83741b4a4b98861532075a4587a9eab1ca139;hb=109444c5d8200fffe1157ae4e823928adc229158;hp=0afa1e127f3ea8ce09c22030e0904d3fe3bc37a9;hpb=b40ce8d987a250f6ce14e506fc05bfa8e9e37f27;p=privoxy.git diff --git a/config b/config index 0afa1e12..ccf83741 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # Sample Configuration File for Privoxy 3.0.29 # -# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/ +# Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/ # ##################################################################### # # @@ -731,7 +731,11 @@ logfile logfile # result in DNS traffic. # # If the specified address isn't available on the system, or if -# the hostname can't be resolved, Privoxy will fail to start. +# the hostname can't be resolved, Privoxy will fail to start. On +# GNU/Linux, and other platforms that can listen on not yet +# assigned IP addresses, Privoxy will start and will listen on +# the specified address whenever the IP address is assigned to +# the system # # IPv6 addresses containing colons have to be quoted by # brackets. They can only be used if Privoxy has been compiled @@ -2290,8 +2294,7 @@ socket-timeout 300 # # Define a couple of tags, the described effect requires action sections # # that are enabled based on CLIENT-TAG patterns. # client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions -# disable-content-filters Disable content-filters but do not affect other actions -# +# client-specific-tag disable-content-filters Disable content-filters but do not affect other actions # # # 6.17. client-tag-lifetime @@ -2464,6 +2467,9 @@ socket-timeout 300 # This directive specifies the directory where the CA key, the # CA certificate and the trusted CAs file are located. # +# The permissions should only let Privoxy and the Privoxy admin +# access the directory. +# # Examples: # # ca-directory /usr/local/etc/privoxy/CA @@ -2494,8 +2500,15 @@ socket-timeout 300 # This directive specifies the name of the CA certificate file # in ".crt" format. # -# It can be generated with: openssl req -new -x509 -extensions -# v3_ca -keyout cakey.pem -out cacert.crt -days 3650 +# The file is used by Privoxy to generate website certificates +# when https filtering is enabled with the +# enable-https-filtering action. +# +# Privoxy clients should import the certificate so that they can +# validate the generated certificates. +# +# The file can be generated with: openssl req -new -x509 +# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 # # Examples: # @@ -2589,7 +2602,14 @@ socket-timeout 300 # Notes: # # This directive specifies the directory where generated TLS/SSL -# keys and certificates are saved. +# keys and certificates are saved when https filtering is +# enabled with the enable-https-filtering action. +# +# The keys and certificates currently have to be deleted +# manually when changing the ca-cert-file and the ca-cert-key. +# +# The permissions should only let Privoxy and the Privoxy admin +# access the directory. # # Examples: # @@ -2619,7 +2639,7 @@ socket-timeout 300 # Notes: # # This directive specifies the trusted CAs file that is used -# when validating certificates for intercepted TLS/SSL request. +# when validating certificates for intercepted TLS/SSL requests. # # An example file can be downloaded from https://curl.haxx.se/ca # /cacert.pem.