X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=ac2aba5880a4b4f704f10959eea06c1173890c67;hp=ccf83741b4a4b98861532075a4587a9eab1ca139;hb=da763b66783685cced48d6795d8ddf3de76200fd;hpb=1469fb540a6dc8e4df8974054735d82ea025a6a5

diff --git a/config b/config
index ccf83741..ac2aba58 100644
--- a/config
+++ b/config
@@ -567,7 +567,7 @@ logfile logfile
 #
 #      The available debug levels are:
 #
-#        debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
+#        debug     1 # Log the destination for each request. See also debug 1024.
 #        debug     2 # show each connection status
 #        debug     4 # show I/O status
 #        debug     8 # show header parsing
@@ -609,7 +609,7 @@ logfile logfile
 #      you read the log messages, you may even be able to solve the
 #      problem on your own.
 #
-#debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
+#debug     1 # Log the destination for each request.
 #debug  1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
 #debug  4096 # Startup banner and warnings
 #debug  8192 # Non-fatal errors
@@ -1000,7 +1000,7 @@ enforce-blocks 0
 #      whole destination part are optional.
 #
 #      If your system implements RFC 3493, then src_addr and dst_addr
-#      can be IPv6 addresses delimeted by brackets, port can be a
+#      can be IPv6 addresses delimited by brackets, port can be a
 #      number or a service name, and src_masklen and dst_masklen can
 #      be a number from 0 to 128.
 #
@@ -1797,7 +1797,7 @@ tolerate-pipelining 1
 #
 #      default-server-timeout 60
 #
-#default-server-timeout 60
+#default-server-timeout 5
 #
 #  6.7. connection-sharing
 #  ========================
@@ -1986,13 +1986,13 @@ socket-timeout 300
 #  Notes:
 #
 #      Under high load incoming connection may queue up before
-#      Privoxy gets around to serve them. The queue length is
-#      limitted by the operating system. Once the queue is full,
-#      additional connections are dropped before Privoxy can accept
-#      and serve them.
+#      Privoxy gets around to serve them. The queue length is limited
+#      by the operating system. Once the queue is full, additional
+#      connections are dropped before Privoxy can accept and serve
+#      them.
 #
 #      Increasing the queue length allows Privoxy to accept more
-#      incomming connections that arrive roughly at the same time.
+#      incoming connections that arrive roughly at the same time.
 #
 #      Note that Privoxy can only request a certain queue length,
 #      whether or not the requested length is actually used depends
@@ -2439,8 +2439,8 @@ socket-timeout 300
 #            receive-buffer-size 32768
 #
 #
-#  7. TLS/SSL
-#  ===========
+#  7. TLS/SSL INSPECTION (EXPERIMENTAL)
+#  =====================================
 #
 #  7.1. ca-directory
 #  ==================
@@ -2501,8 +2501,8 @@ socket-timeout 300
 #      in ".crt" format.
 #
 #      The file is used by Privoxy to generate website certificates
-#      when https filtering is enabled with the
-#      enable-https-filtering action.
+#      when https inspection is enabled with the https-inspection
+#      action.
 #
 #      Privoxy clients should import the certificate so that they can
 #      validate the generated certificates.
@@ -2544,7 +2544,7 @@ socket-timeout 300
 #
 #      ca-key-file cakey.pem
 #
-#ca-key-file root.pem
+#ca-key-file cakey.pem
 #
 #  7.4. ca-password
 #  =================
@@ -2585,7 +2585,7 @@ socket-timeout 300
 #
 #  Specifies:
 #
-#      Directory to safe generated keys and certificates.
+#      Directory to save generated keys and certificates.
 #
 #  Type of value:
 #
@@ -2602,8 +2602,8 @@ socket-timeout 300
 #  Notes:
 #
 #      This directive specifies the directory where generated TLS/SSL
-#      keys and certificates are saved when https filtering is
-#      enabled with the enable-https-filtering action.
+#      keys and certificates are saved when https inspection is
+#      enabled with the https-inspection action.
 #
 #      The keys and certificates currently have to be deleted
 #      manually when changing the ca-cert-file and the ca-cert-key.
@@ -2611,6 +2611,19 @@ socket-timeout 300
 #      The permissions should only let Privoxy and the Privoxy admin
 #      access the directory.
 #
+#      +-----------------------------------------------------+
+#      |                       Warning                       |
+#      |-----------------------------------------------------|
+#      |Privoxy currently does not garbage-collect obsolete  |
+#      |keys and certificates and does not keep track of how |
+#      |may keys and certificates exist.                     |
+#      |                                                     |
+#      |Privoxy admins should monitor the size of the        |
+#      |directory and/or make sure there is sufficient space |
+#      |available. A cron job to limit the number of keys and|
+#      |certificates to a certain number may be worth        |
+#      |considering.                                         |
+#      +-----------------------------------------------------+
 #  Examples:
 #
 #      certificate-directory /usr/local/var/privoxy/certs