<p>If the address for the hostname isn't already known on the system (for example because it's in
/etc/hostname), this may result in DNS traffic.</p>
<p>If the specified address isn't available on the system, or if the hostname can't be resolved,
- <span class="APPLICATION">Privoxy</span> will fail to start.</p>
+ <span class="APPLICATION">Privoxy</span> will fail to start. On GNU/Linux, and other platforms that can
+ listen on not yet assigned IP addresses, Privoxy will start and will listen on the specified address
+ whenever the IP address is assigned to the system</p>
<p>IPv6 addresses containing colons have to be quoted by brackets. They can only be used if <span class=
"APPLICATION">Privoxy</span> has been compiled with IPv6 support. If you aren't sure if your version
supports it, have a look at <tt class="LITERAL">http://config.privoxy.org/show-status</tt>.</p>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
+ <pre class=
+ "SCREEN"> forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
forward .example.com .</pre>
</td>
</tr>
<pre class="SCREEN"> # Define a couple of tags, the described effect requires action sections
# that are enabled based on CLIENT-TAG patterns.
client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
- disable-content-filters Disable content-filters but do not affect other actions</pre>
+ client-specific-tag disable-content-filters Disable content-filters but do not affect other actions</pre>
</td>
</tr>
</table>
<dd>
<p>This directive specifies the directory where the CA key, the CA certificate and the trusted CAs file
are located.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
</dd>
<dt>Examples:</dt>
<dd>
<dt>Notes:</dt>
<dd>
<p>This directive specifies the name of the CA certificate file in ".crt" format.</p>
- <p>It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt
- -days 3650</p>
+ <p>The file is used by <span class="APPLICATION">Privoxy</span> to generate website certificates when
+ https filtering is enabled with the <tt class="LITERAL"><a href=
+ "actions-file.html#ENABLE-HTTPS-FILTERING" target="_top">enable-https-filtering</a></tt> action.</p>
+ <p><span class="APPLICATION">Privoxy</span> clients should import the certificate so that they can
+ validate the generated certificates.</p>
+ <p>The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
+ cacert.crt -days 3650</p>
</dd>
<dt>Examples:</dt>
<dd>
</dd>
<dt>Notes:</dt>
<dd>
- <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved.</p>
+ <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved when
+ https filtering is enabled with the <tt class="LITERAL"><a href=
+ "actions-file.html#ENABLE-HTTPS-FILTERING" target="_top">enable-https-filtering</a></tt> action.</p>
+ <p>The keys and certificates currently have to be deleted manually when changing the <a href=
+ "#CA-CERT-FILE" target="_top">ca-cert-file</a> and the <a href="#CA-CERT-KEY" target=
+ "_top">ca-cert-key</a>.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
</dd>
<dt>Examples:</dt>
<dd>
<dt>Notes:</dt>
<dd>
<p>This directive specifies the trusted CAs file that is used when validating certificates for
- intercepted TLS/SSL request.</p>
+ intercepted TLS/SSL requests.</p>
<p>An example file can be downloaded from <a href="https://curl.haxx.se/ca/cacert.pem" target=
"_top">https://curl.haxx.se/ca/cacert.pem</a>.</p>
</dd>