- <h2 class="SECT2"><a name="WINDOWS-GUI" id="WINDOWS-GUI">7.7. Windows
- GUI Options</a></h2>
-
- <p><span class="APPLICATION">Privoxy</span> has a number of options
- specific to the Windows GUI interface:</p><a name="ACTIVITY-ANIMATION"
- id="ACTIVITY-ANIMATION"></a>
-
- <p>If <span class="QUOTE">"activity-animation"</span> is set to 1, the
- <span class="APPLICATION">Privoxy</span> icon will animate when
- <span class="QUOTE">"Privoxy"</span> is active. To turn off, set to
- 0.</p>
-
- <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
- "emphasis"><i class="EMPHASIS">activity-animation 1</i></span><br>
- </tt></p><a name="LOG-MESSAGES" id=
- "LOG-MESSAGES"></a>
-
- <p>If <span class="QUOTE">"log-messages"</span> is set to 1,
- <span class="APPLICATION">Privoxy</span> will log messages to the
- console window:</p>
-
- <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
- "emphasis"><i class="EMPHASIS">log-messages 1</i></span><br>
- </tt></p><a name="LOG-BUFFER-SIZE" id=
- "LOG-BUFFER-SIZE"></a>
-
- <p>If <span class="QUOTE">"log-buffer-size"</span> is set to 1, the
- size of the log buffer, i.e. the amount of memory used for the log
- messages displayed in the console window, will be limited to
- <span class="QUOTE">"log-max-lines"</span> (see below).</p>
-
- <p>Warning: Setting this to 0 will result in the buffer to grow
- infinitely and eat up all your memory!</p>
-
- <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
- "emphasis"><i class="EMPHASIS">log-buffer-size 1</i></span><br>
- </tt></p><a name="LOG-MAX-LINES" id=
- "LOG-MAX-LINES"></a>
-
- <p><span class="APPLICATION">log-max-lines</span> is the maximum number
- of lines held in the log buffer. See above.</p>
-
- <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
- "emphasis"><i class="EMPHASIS">log-max-lines 200</i></span><br>
- </tt></p><a name="LOG-HIGHLIGHT-MESSAGES" id=
- "LOG-HIGHLIGHT-MESSAGES"></a>
-
- <p>If <span class="QUOTE">"log-highlight-messages"</span> is set to 1,
- <span class="APPLICATION">Privoxy</span> will highlight portions of the
- log messages with a bold-faced font:</p>
-
- <p class="LITERALLAYOUT"><tt class="LITERAL"> <span class=
- "emphasis"><i class="EMPHASIS">log-highlight-messages 1</i></span><br>
- </tt></p><a name="LOG-FONT-NAME" id=
- "LOG-FONT-NAME"></a>
-
+ <h2 class="SECT2"><a name="TLS" id="TLS">7.7. TLS/SSL Inspection (Experimental)</a></h2>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CA-DIRECTORY" id="CA-DIRECTORY">7.7.1. ca-directory</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Directory with the CA key, the CA certificate and the trusted CAs file.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p>Text</p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">Empty string</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Default value is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive specifies the directory where the CA key, the CA certificate and the trusted CAs file
+ are located.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>ca-directory /usr/local/etc/privoxy/CA</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CA-CERT-FILE" id="CA-CERT-FILE">7.7.2. ca-cert-file</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The CA certificate file in ".crt" format.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p>Text</p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">cacert.crt</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Default value is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive specifies the name of the CA certificate file in ".crt" format.</p>
+ <p>The file is used by <span class="APPLICATION">Privoxy</span> to generate website certificates when
+ https inspection is enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION"
+ target="_top">https-inspection</a></tt> action.</p>
+ <p><span class="APPLICATION">Privoxy</span> clients should import the certificate so that they can
+ validate the generated certificates.</p>
+ <p>The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
+ cacert.crt -days 3650</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>ca-cert-file root.crt</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CA-KEY-FILE" id="CA-KEY-FILE">7.7.3. ca-key-file</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The CA key file in ".pem" format.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p>Text</p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">cacert.pem</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Default value is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive specifies the name of the CA key file in ".pem" format. See the <a href="#CA-CERT-FILE"
+ target="_top">ca-cert-file</a> for a command to generate it.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>ca-key-file cakey.pem</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CA-PASSWORD" id="CA-PASSWORD">7.7.4. ca-password</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The password for the CA keyfile.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p>Text</p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">Empty string</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Default value is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive specifies the password for the CA keyfile that is used when Privoxy generates
+ certificates for intercepted requests.</p>
+ <p>Note that the password is shown on the CGI page so don't reuse an important one.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>ca-password blafasel</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CERTIFICATE-DIRECTORY" id="CERTIFICATE-DIRECTORY">7.7.5.
+ certificate-directory</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>Directory to save generated keys and certificates.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p>Text</p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">./certs</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Default value is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved when
+ https inspection is enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION"
+ target="_top">https-inspection</a></tt> action.</p>
+ <p>The keys and certificates currently have to be deleted manually when changing the <a href=
+ "#CA-CERT-FILE" target="_top">ca-cert-file</a> and the <a href="#CA-CERT-KEY" target=
+ "_top">ca-cert-key</a>.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
+ <div class="WARNING">
+ <table class="WARNING" border="1" width="90%">
+ <tr>
+ <td align="center"><b>Warning</b></td>
+ </tr>
+ <tr>
+ <td align="left">
+ <p><span class="APPLICATION">Privoxy</span> currently does not garbage-collect obsolete keys and
+ certificates and does not keep track of how may keys and certificates exist.</p>
+ <p><span class="APPLICATION">Privoxy</span> admins should monitor the size of the directory
+ and/or make sure there is sufficient space available. A cron job to limit the number of keys and
+ certificates to a certain number may be worth considering.</p>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>certificate-directory /usr/local/var/privoxy/certs</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="TRUSTED-CAS-FILE" id="TRUSTED-CAS-FILE">7.7.6. trusted-cas-file</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Specifies:</dt>
+ <dd>
+ <p>The trusted CAs file in ".pem" format.</p>
+ </dd>
+ <dt>Type of value:</dt>
+ <dd>
+ <p>File name relative to ca-directory</p>
+ </dd>
+ <dt>Default value:</dt>
+ <dd>
+ <p><span class="emphasis"><i class="EMPHASIS">trustedCAs.pem</i></span></p>
+ </dd>
+ <dt>Effect if unset:</dt>
+ <dd>
+ <p>Default value is used.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This directive specifies the trusted CAs file that is used when validating certificates for
+ intercepted TLS/SSL requests.</p>
+ <p>An example file can be downloaded from <a href="https://curl.haxx.se/ca/cacert.pem" target=
+ "_top">https://curl.haxx.se/ca/cacert.pem</a>.</p>
+ </dd>
+ <dt>Examples:</dt>
+ <dd>
+ <p>trusted-cas-file trusted_cas_file.pem</p>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ </div>
+ <div class="SECT2">
+ <h2 class="SECT2"><a name="WINDOWS-GUI" id="WINDOWS-GUI">7.8. Windows GUI Options</a></h2>
+ <p><span class="APPLICATION">Privoxy</span> has a number of options specific to the Windows GUI
+ interface:</p><a name="ACTIVITY-ANIMATION" id="ACTIVITY-ANIMATION"></a>
+ <p>If <span class="QUOTE">"activity-animation"</span> is set to 1, the <span class="APPLICATION">Privoxy</span>
+ icon will animate when <span class="QUOTE">"Privoxy"</span> is active. To turn off, set to 0.</p>
+ <p class="LITERALLAYOUT"> <span class="emphasis"><i class="EMPHASIS">activity-animation
+ 1</i></span></p><a name="LOG-MESSAGES" id="LOG-MESSAGES"></a>
+ <p>If <span class="QUOTE">"log-messages"</span> is set to 1, <span class="APPLICATION">Privoxy</span> copies log
+ messages to the console window. The log detail depends on the <a href="config.html#DEBUG">debug</a>
+ directive.</p>
+ <p class="LITERALLAYOUT"> <span class="emphasis"><i class="EMPHASIS">log-messages
+ 1</i></span></p><a name="LOG-BUFFER-SIZE" id="LOG-BUFFER-SIZE"></a>
+ <p>If <span class="QUOTE">"log-buffer-size"</span> is set to 1, the size of the log buffer, i.e. the amount of
+ memory used for the log messages displayed in the console window, will be limited to <span class=
+ "QUOTE">"log-max-lines"</span> (see below).</p>
+ <p>Warning: Setting this to 0 will result in the buffer to grow infinitely and eat up all your memory!</p>
+ <p class="LITERALLAYOUT"> <span class="emphasis"><i class="EMPHASIS">log-buffer-size
+ 1</i></span></p><a name="LOG-MAX-LINES" id="LOG-MAX-LINES"></a>
+ <p><span class="APPLICATION">log-max-lines</span> is the maximum number of lines held in the log buffer. See
+ above.</p>
+ <p class="LITERALLAYOUT"> <span class="emphasis"><i class="EMPHASIS">log-max-lines
+ 200</i></span></p><a name="LOG-HIGHLIGHT-MESSAGES" id="LOG-HIGHLIGHT-MESSAGES"></a>
+ <p>If <span class="QUOTE">"log-highlight-messages"</span> is set to 1, <span class="APPLICATION">Privoxy</span>
+ will highlight portions of the log messages with a bold-faced font:</p>
+ <p class="LITERALLAYOUT"> <span class="emphasis"><i class="EMPHASIS">log-highlight-messages
+ 1</i></span></p><a name="LOG-FONT-NAME" id="LOG-FONT-NAME"></a>