X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=9bd21ebc7518c15d02c43a965436c536045f6e87;hp=0ca500628218eaa89dcc3f2c3e61dd4eb6e9b3c2;hb=2111876638;hpb=d488a5e9de9c4915322ce997f2443a07c3acf467
diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 0ca50062..9bd21ebc 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -107,7 +107,8 @@ Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
6. MISCELLANEOUS #
- 7. WINDOWS GUI OPTIONS #
+ 7. TLS #
+ 8. WINDOWS GUI OPTIONS #
#
##################################################################
@@ -3895,6 +3896,368 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
+
+
+TLS/SSL
+
+
+
+ca-directory
+
+
+ Specifies:
+
+
+ Directory with the CA key, the CA certificate and the trusted CAs file.
+
+
+
+
+ Type of value:
+
+
+ Text
+
+
+
+
+ Default value:
+
+ Empty string
+
+
+
+ Effect if unset:
+
+
+ Default value is used.
+
+
+
+
+ Notes:
+
+
+ This directive specifies the directory where the
+ CA key, the CA certificate and the trusted CAs file
+ are located.
+
+
+
+
+ Examples:
+
+
+ ca-directory /usr/local/etc/privoxy/CA
+
+
+
+
+@@#ca-directory /usr/local/etc/privoxy/CA]]>
+
+
+
+
+
+
+ca-cert-file
+
+
+ Specifies:
+
+
+ The CA certificate file in ".crt" format.
+
+
+
+
+ Type of value:
+
+
+ Text
+
+
+
+
+ Default value:
+
+ cacert.crt
+
+
+
+ Effect if unset:
+
+
+ Default value is used.
+
+
+
+
+ Notes:
+
+
+ This directive specifies the name of the CA certificate file
+ in ".crt" format.
+
+
+ It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+
+
+
+
+ Examples:
+
+
+ ca-cert-file root.crt
+
+
+
+
+@@#ca-cert-file cacert.crt]]>
+
+
+
+
+
+
+ca-key-file
+
+
+ Specifies:
+
+
+ The CA key file in ".pem" format.
+
+
+
+
+ Type of value:
+
+
+ Text
+
+
+
+
+ Default value:
+
+ cacert.pem
+
+
+
+ Effect if unset:
+
+
+ Default value is used.
+
+
+
+
+ Notes:
+
+
+ This directive specifies the name of the CA key file
+ in ".pem" format. See the ca-cert-file
+ for a command to generate it.
+
+
+
+
+ Examples:
+
+
+ ca-key-file cakey.pem
+
+
+
+
+@@#ca-key-file root.pem]]>
+
+
+
+
+
+
+ca-password
+
+
+ Specifies:
+
+
+ The password for the CA keyfile.
+
+
+
+
+ Type of value:
+
+
+ Text
+
+
+
+
+ Default value:
+
+ Empty string
+
+
+
+ Effect if unset:
+
+
+ Default value is used.
+
+
+
+
+ Notes:
+
+
+ This directive specifies the password for the CA keyfile
+ that is used when Privoxy generates certificates for intercepted
+ requests.
+
+
+ Note that the password is shown on the CGI page so don't
+ reuse an important one.
+
+
+
+
+ Examples:
+
+
+ ca-password blafasel
+
+
+
+
+@@#ca-password swordfish]]>
+
+
+
+
+
+
+certificate-directory
+
+
+ Specifies:
+
+
+ Directory to safe generated keys and certificates.
+
+
+
+
+ Type of value:
+
+
+ Text
+
+
+
+
+ Default value:
+
+ ./certs
+
+
+
+ Effect if unset:
+
+
+ Default value is used.
+
+
+
+
+ Notes:
+
+
+ This directive specifies the directory where generated
+ TLS/SSL keys and certificates are saved.
+
+
+
+
+ Examples:
+
+
+ certificate-directory /usr/local/var/privoxy/certs
+
+
+
+
+@@#certificate-directory /usr/local/var/privoxy/certs]]>
+
+
+
+
+
+
+trusted-cas-file
+
+
+ Specifies:
+
+
+ The trusted CAs file in ".pem" format.
+
+
+
+
+ Type of value:
+
+
+ File name relative to ca-directory
+
+
+
+
+ Default value:
+
+ trustedCAs.pem
+
+
+
+ Effect if unset:
+
+
+ Default value is used.
+
+
+
+
+ Notes:
+
+
+ This directive specifies the trusted CAs file that is used when validating
+ certificates for intercepted TLS/SSL request.
+
+
+ An example file can be downloaded from
+ https://curl.haxx.se/ca/cacert.pem.
+
+
+
+
+ Examples:
+
+
+ trusted-cas-file trusted_cas_file.pem
+
+
+
+
+@@#trusted-cas-file trustedCAs.pem]]>
+
+
+
+
+
+