X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=b1135b5ddfd5b0c552e7d17b43d8c60c6234f347;hb=78b9ddc7014a3a7d0cc38f7019a695a1c6139dc4;hp=9bd21ebc7518c15d02c43a965436c536045f6e87;hpb=2111876638f912fa7be56a3df315efbbfde91f38;p=privoxy.git

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 9bd21ebc..b1135b5d 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -3,7 +3,7 @@
 
  Purpose     :  Used with other docs and files only.
 
- Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
  See LICENSE.
 
  ========================================================================
@@ -90,7 +90,7 @@
  Sample Configuration File for Privoxy &p-version;
 </title>
 <para>
-Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
 </para>
 
 <literallayout>
@@ -1260,6 +1260,9 @@ actionsfile
     If the specified address isn't available on the system, or if the
     hostname can't be resolved, <application>Privoxy</application>
     will fail to start.
+    On GNU/Linux, and other platforms that can listen on not yet assigned IP
+    addresses, Privoxy will start and will listen on the specified
+    address whenever the IP address is assigned to the system
    </para>
    <para>
     IPv6 addresses containing colons have to be quoted by brackets.
@@ -1674,7 +1677,7 @@ ACLs: permit-access and deny-access</title>
     If your system implements
     <ulink url="http://tools.ietf.org/html/rfc3493">RFC 3493</ulink>, then
     <replaceable class="parameter">src_addr</replaceable> and <replaceable
-    class="parameter">dst_addr</replaceable> can be IPv6 addresses delimeted by
+    class="parameter">dst_addr</replaceable> can be IPv6 addresses delimited by
     brackets, <replaceable class="parameter">port</replaceable> can be a number
     or a service name, and
     <replaceable class="parameter">src_masklen</replaceable> and
@@ -3232,13 +3235,13 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     Under high load incoming connection may queue up before Privoxy
-    gets around to serve them. The queue length is limitted by the
+    gets around to serve them. The queue length is limited by the
     operating system. Once the queue is full, additional connections
     are dropped before Privoxy can accept and serve them.
    </para>
    <para>
     Increasing the queue length allows Privoxy to accept more
-    incomming connections that arrive roughly at the same time.
+    incoming connections that arrive roughly at the same time.
    </para>
    <para>
     Note that Privoxy can only request a certain queue length,
@@ -3679,7 +3682,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     # Define a couple of tags, the described effect requires action sections
     # that are enabled based on CLIENT-TAG patterns.
     client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
-    disable-content-filters Disable content-filters but do not affect other actions
+    client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
 </screen>
   </listitem>
  </varlistentry>
@@ -3942,6 +3945,10 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     CA key, the CA certificate and the trusted CAs file
     are located.
    </para>
+   <para>
+    The permissions should only let &my-app; and the  &my-app;
+    admin access the directory.
+   </para>
   </listitem>
  </varlistentry>
  <varlistentry>
@@ -4000,7 +4007,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     in ".crt" format.
    </para>
    <para>
-    It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+    The file is used by &my-app; to generate website certificates
+    when https inspection is enabled with the
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+    action.
+   </para>
+   <para>
+    &my-app; clients should import the certificate so that they
+    can validate the generated certificates.
+   </para>
+   <para>
+    The file can be generated with:
+    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
    </para>
   </listitem>
  </varlistentry>
@@ -4177,7 +4195,19 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the directory where generated
-    TLS/SSL keys and certificates are saved.
+    TLS/SSL keys and certificates are saved when https inspection
+    is enabled with the
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+    action.
+   </para>
+   <para>
+    The keys and certificates currently have to be deleted manually
+    when changing the <ulink url="#CA-CERT-FILE">ca-cert-file</ulink>
+    and the <ulink url="#CA-CERT-KEY">ca-cert-key</ulink>.
+   </para>
+   <para>
+    The permissions should only let &my-app; and the  &my-app;
+    admin access the directory.
    </para>
   </listitem>
  </varlistentry>
@@ -4234,7 +4264,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the trusted CAs file that is used when validating
-    certificates for intercepted TLS/SSL request.
+    certificates for intercepted TLS/SSL requests.
    </para>
    <para>
     An example file can be downloaded from