X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=427483216f2addef8afc218d276d0cf40f53c14b;hp=89a094c2697c207fcb5b2122acdbd1f677d6beb1;hb=84c83a9ed197cb5d90fc92fc1e6361fe7e0b5c71;hpb=8f3d47e4a70173eb51d5ecfc02d2f3263f7b768d diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 89a094c2..42748321 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -1016,7 +1016,7 @@ actionsfile The available debug levels are: - debug 1 # Log the destination for each request &my-app; let through. See also debug 1024. + debug 1 # Log the destination for each request. See also debug 1024. debug 2 # show each connection status debug 4 # show I/O status debug 8 # show header parsing @@ -1677,7 +1677,7 @@ ACLs: permit-access and deny-access If your system implements RFC 3493, then src_addr and dst_addr can be IPv6 addresses delimeted by + class="parameter">dst_addr can be IPv6 addresses delimited by brackets, port can be a number or a service name, and src_masklen and @@ -3235,13 +3235,13 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Under high load incoming connection may queue up before Privoxy - gets around to serve them. The queue length is limitted by the + gets around to serve them. The queue length is limited by the operating system. Once the queue is full, additional connections are dropped before Privoxy can accept and serve them. Increasing the queue length allows Privoxy to accept more - incomming connections that arrive roughly at the same time. + incoming connections that arrive roughly at the same time. Note that Privoxy can only request a certain queue length, @@ -3901,7 +3901,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t -TLS/SSL +TLS/SSL Inspection @@ -4007,7 +4007,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t in ".crt" format. - It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 + The file is used by &my-app; to generate website certificates + when https inspection is enabled with the + https-inspection + action. + + + &my-app; clients should import the certificate so that they + can validate the generated certificates. + + + The file can be generated with: + openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 @@ -4153,7 +4164,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t Specifies: - Directory to safe generated keys and certificates. + Directory to save generated keys and certificates. @@ -4184,7 +4195,15 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t This directive specifies the directory where generated - TLS/SSL keys and certificates are saved. + TLS/SSL keys and certificates are saved when https inspection + is enabled with the + https-inspection + action. + + + The keys and certificates currently have to be deleted manually + when changing the ca-cert-file + and the ca-cert-key. The permissions should only let &my-app; and the &my-app; @@ -4245,7 +4264,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t This directive specifies the trusted CAs file that is used when validating - certificates for intercepted TLS/SSL request. + certificates for intercepted TLS/SSL requests. An example file can be downloaded from