X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=f5bc81f66f6715d6c3eed48196ccb4b08292573a;hp=877cbdf0548c0c1ffd3d6a963510e1cf77e9b649;hb=4634f728955847bfb053f6a887bc13fb230cecb0;hpb=f81cc485c64f26bbb699e948c655bd036f8d103c

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 877cbdf0..f5bc81f6 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -3,7 +3,7 @@
 
  Purpose     :  Used with other docs and files only.
 
- Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
  See LICENSE.
 
  ========================================================================
@@ -90,7 +90,7 @@
  Sample Configuration File for Privoxy &p-version;
 </title>
 <para>
-Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
 </para>
 
 <literallayout>
@@ -1016,7 +1016,7 @@ actionsfile
     The available debug levels are:
    </para>
     <programlisting>
-  debug     1 # Log the destination for each request &my-app; let through. See also debug 1024.
+  debug     1 # Log the destination for each request. See also debug 1024.
   debug     2 # show each connection status
   debug     4 # show I/O status
   debug     8 # show header parsing
@@ -1677,7 +1677,7 @@ ACLs: permit-access and deny-access</title>
     If your system implements
     <ulink url="http://tools.ietf.org/html/rfc3493">RFC 3493</ulink>, then
     <replaceable class="parameter">src_addr</replaceable> and <replaceable
-    class="parameter">dst_addr</replaceable> can be IPv6 addresses delimeted by
+    class="parameter">dst_addr</replaceable> can be IPv6 addresses delimited by
     brackets, <replaceable class="parameter">port</replaceable> can be a number
     or a service name, and
     <replaceable class="parameter">src_masklen</replaceable> and
@@ -2951,7 +2951,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   </listitem>
  </varlistentry>
 </variablelist>
-<![%config-file;[<literallayout>@@#default-server-timeout 60</literallayout>]]>
+<![%config-file;[<literallayout>@@#default-server-timeout 5</literallayout>]]>
 </sect3>
 
 
@@ -3235,13 +3235,13 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     Under high load incoming connection may queue up before Privoxy
-    gets around to serve them. The queue length is limitted by the
+    gets around to serve them. The queue length is limited by the
     operating system. Once the queue is full, additional connections
     are dropped before Privoxy can accept and serve them.
    </para>
    <para>
     Increasing the queue length allows Privoxy to accept more
-    incomming connections that arrive roughly at the same time.
+    incoming connections that arrive roughly at the same time.
    </para>
    <para>
     Note that Privoxy can only request a certain queue length,
@@ -3901,7 +3901,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
 
 
 <sect2 id="tls">
-<title>TLS/SSL</title>
+<title>TLS/SSL Inspection (Experimental)</title>
 
 <!--   ~~~~~       New section      ~~~~~     -->
 
@@ -4007,7 +4007,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     in ".crt" format.
    </para>
    <para>
-    It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+    The file is used by &my-app; to generate website certificates
+    when https inspection is enabled with the
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+    action.
+   </para>
+   <para>
+    &my-app; clients should import the certificate so that they
+    can validate the generated certificates.
+   </para>
+   <para>
+    The file can be generated with:
+    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
    </para>
   </listitem>
  </varlistentry>
@@ -4078,7 +4089,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   </listitem>
  </varlistentry>
 </variablelist>
-<![%config-file;[<literallayout>@@#ca-key-file root.pem</literallayout>]]>
+<![%config-file;[<literallayout>@@#ca-key-file cakey.pem</literallayout>]]>
 </sect3>
 
 <!--  ~  End section  ~  -->
@@ -4153,7 +4164,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <term>Specifies:</term>
   <listitem>
    <para>
-    Directory to safe generated keys and certificates.
+    Directory to save generated keys and certificates.
    </para>
   </listitem>
  </varlistentry>
@@ -4184,10 +4195,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the directory where generated
-    TLS/SSL keys and certificates are saved.
+    TLS/SSL keys and certificates are saved when https inspection
+    is enabled with the
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+    action.
    </para>
    <para>
-    The permissions should only let &my-app; and the  &my-app;
+    The keys and certificates currently have to be deleted manually
+    when changing the <ulink url="#CA-CERT-FILE">ca-cert-file</ulink>
+    and the <ulink url="#CA-CERT-KEY">ca-cert-key</ulink>.
+   </para>
+   <para>
+    The permissions should only let &my-app; and the &my-app;
     admin access the directory.
    </para>
   </listitem>
@@ -4245,7 +4264,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the trusted CAs file that is used when validating
-    certificates for intercepted TLS/SSL request.
+    certificates for intercepted TLS/SSL requests.
    </para>
    <para>
     An example file can be downloaded from