X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=2c3a9cf43cddd681ae99e6dd4b68a1897bf41f9b;hp=2acf7fe5f6ad3b143f3ec664817e4bd627ae9176;hb=109444c5d8200fffe1157ae4e823928adc229158;hpb=f8e6e33a77893bf4f7c70353935c7d801f63438a

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 2acf7fe5..2c3a9cf4 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -3,7 +3,7 @@
 
  Purpose     :  Used with other docs and files only.
 
- Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
  See LICENSE.
 
  ========================================================================
@@ -90,7 +90,7 @@
  Sample Configuration File for Privoxy &p-version;
 </title>
 <para>
-Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
 </para>
 
 <literallayout>
@@ -1260,6 +1260,9 @@ actionsfile
     If the specified address isn't available on the system, or if the
     hostname can't be resolved, <application>Privoxy</application>
     will fail to start.
+    On GNU/Linux, and other platforms that can listen on not yet assigned IP
+    addresses, Privoxy will start and will listen on the specified
+    address whenever the IP address is assigned to the system
    </para>
    <para>
     IPv6 addresses containing colons have to be quoted by brackets.
@@ -3942,6 +3945,10 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     CA key, the CA certificate and the trusted CAs file
     are located.
    </para>
+   <para>
+    The permissions should only let &my-app; and the  &my-app;
+    admin access the directory.
+   </para>
   </listitem>
  </varlistentry>
  <varlistentry>
@@ -4000,7 +4007,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     in ".crt" format.
    </para>
    <para>
-    It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+    The file is used by &my-app; to generate website certificates
+    when https filtering is enabled with the
+    <literal><ulink url="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</ulink></literal>
+    action.
+   </para>
+   <para>
+    &my-app; clients should import the certificate so that they
+    can validate the generated certificates.
+   </para>
+   <para>
+    The file can be generated with:
+    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
    </para>
   </listitem>
  </varlistentry>
@@ -4177,7 +4195,19 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the directory where generated
-    TLS/SSL keys and certificates are saved.
+    TLS/SSL keys and certificates are saved when https filtering
+    is enabled with the
+    <literal><ulink url="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</ulink></literal>
+    action.
+   </para>
+   <para>
+    The keys and certificates currently have to be deleted manually
+    when changing the <ulink url="#CA-CERT-FILE">ca-cert-file</ulink>
+    and the <ulink url="#CA-CERT-KEY">ca-cert-key</ulink>.
+   </para>
+   <para>
+    The permissions should only let &my-app; and the  &my-app;
+    admin access the directory.
    </para>
   </listitem>
  </varlistentry>
@@ -4234,7 +4264,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the trusted CAs file that is used when validating
-    certificates for intercepted TLS/SSL request.
+    certificates for intercepted TLS/SSL requests.
    </para>
    <para>
     An example file can be downloaded from
