From git at git.privoxy.org  Wed Feb  4 14:03:32 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 04 Feb 2026 14:03:32 +0100
Subject: [Privoxy-commits] [privoxy] 01/03: configure: Bump version to 4.2.0
 UNRELEASED
In-Reply-To: <177021021127.33587.8875685317161428278@privoxy-git>
References: <177021021127.33587.8875685317161428278@privoxy-git>
Message-ID: <20260204130331.E2E04594A@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 94c436ef5917f3ba73820423ea53e783aff24174
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Fri Jan 9 04:40:54 2026 +0100

    configure: Bump version to 4.2.0 UNRELEASED
---
 configure.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.in b/configure.in
index 5d2e3f37..d987fd25 100644
--- a/configure.in
+++ b/configure.in
@@ -79,9 +79,9 @@ dnl set status to "UNRELEASED" whenever git differs from the last
 dnl release and no new release is near.
 
 VERSION_MAJOR=4
-VERSION_MINOR=1
+VERSION_MINOR=2
 VERSION_POINT=0
-CODE_STATUS="stable"
+CODE_STATUS="UNRELEASED"
 
 dnl Timestamp (date +%s) used by the mtree-spec target.
 dnl Should be updated before releases but forgetting it isn't critical.

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb  4 14:03:33 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 04 Feb 2026 14:03:33 +0100
Subject: [Privoxy-commits] [privoxy] 02/03: Bump SMGL entities for 4.2.0
 UNRELEASED
In-Reply-To: <177021021127.33587.8875685317161428278@privoxy-git>
References: <177021021127.33587.8875685317161428278@privoxy-git>
Message-ID: <20260204130332.42104594C@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit e1be40be3fe01126fee17aaf238afc2d8a9f9783
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Fri Jan 9 04:55:41 2026 +0100

    Bump SMGL entities for 4.2.0 UNRELEASED
---
 doc/source/authors.sgml          | 8 ++++----
 doc/source/config.sgml           | 6 +++---
 doc/source/developer-manual.sgml | 8 ++++----
 doc/source/faq.sgml              | 8 ++++----
 doc/source/install.sgml          | 8 ++++----
 doc/source/privoxy-man-page.sgml | 8 ++++----
 doc/source/readme.sgml           | 8 ++++----
 doc/source/user-manual.sgml      | 8 ++++----
 doc/source/webserver/index.sgml  | 8 ++++----
 9 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/doc/source/authors.sgml b/doc/source/authors.sgml
index 8e0d0d22..abe3f525 100644
--- a/doc/source/authors.sgml
+++ b/doc/source/authors.sgml
@@ -23,10 +23,10 @@
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
 <!entity % dummy "IGNORE">
 <!entity authors SYSTEM "p-authors.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity % p-text "INCLUDE">           <!-- define we are a text only doc -->
 <!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc  -->
 ]>
diff --git a/doc/source/config.sgml b/doc/source/config.sgml
index bb3252cb..9147e1e9 100644
--- a/doc/source/config.sgml
+++ b/doc/source/config.sgml
@@ -1,9 +1,9 @@
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN"[
 <!entity % dummy "IGNORE">
 <!entity config SYSTEM "p-config.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
 <!entity % user-man "IGNORE">
 <!entity % config-file "IGNORE">
 <!entity  my-app "<application>Privoxy</application>">
diff --git a/doc/source/developer-manual.sgml b/doc/source/developer-manual.sgml
index d31ccc03..2113d6b3 100644
--- a/doc/source/developer-manual.sgml
+++ b/doc/source/developer-manual.sgml
@@ -5,10 +5,10 @@
 <!entity p-intro SYSTEM "privoxy.sgml">
 <!entity history SYSTEM "history.sgml">
 <!entity seealso SYSTEM "seealso.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity % p-text "IGNORE">        <!-- define we are not a text only doc -->
 <!entity % p-doc "INCLUDE">        <!-- and we are a formal doc           -->
 <!entity % seealso-extra "INCLUDE"> <!-- extra stuff from seealso.sgml    -->
diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml
index 916335c0..85af14e0 100644
--- a/doc/source/faq.sgml
+++ b/doc/source/faq.sgml
@@ -9,10 +9,10 @@
 <!entity copyright SYSTEM "copyright.sgml">
 <!entity license SYSTEM "license.sgml">
 <!entity license-explanation SYSTEM "license-explanation.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity % p-text "IGNORE">        <!-- define we are not a text only doc -->
 <!entity % p-doc "INCLUDE">        <!-- and we are a formal doc           -->
 <!entity % p-supp-userman "INCLUDE"> <!-- Include all from supported.sgml -->
diff --git a/doc/source/install.sgml b/doc/source/install.sgml
index 165e3367..41749190 100644
--- a/doc/source/install.sgml
+++ b/doc/source/install.sgml
@@ -1,10 +1,10 @@
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
 <!entity % dummy "IGNORE">
 <!entity buildsource SYSTEM "buildsource.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-stable "INCLUDE">
-<!entity % p-not-stable "IGNORE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-stable "IGNORE">
+<!entity % p-not-stable "INCLUDE">
 <!entity % p-alpha "IGNORE">
 <!entity % p-beta "IGNORE">
 <!entity % p-text "INCLUDE">       <!-- define we are a text only doc    -->
diff --git a/doc/source/privoxy-man-page.sgml b/doc/source/privoxy-man-page.sgml
index ce5a8215..8ee1038c 100644
--- a/doc/source/privoxy-man-page.sgml
+++ b/doc/source/privoxy-man-page.sgml
@@ -38,10 +38,10 @@
 <!entity copyright SYSTEM "copyright.sgml">
 <!entity license SYSTEM "license.sgml">
 <!entity authors SYSTEM "p-authors.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity % p-text "IGNORE">           <!-- define we are not a text only doc -->
 <!entity % p-authors-formal "IGNORE"> <!-- exclude additional formatting      -->
 <!entity my-copy "(C)">               <!-- db2man barfs on copyright symbol  -->
diff --git a/doc/source/readme.sgml b/doc/source/readme.sgml
index 1edda49f..0e2fe2b6 100644
--- a/doc/source/readme.sgml
+++ b/doc/source/readme.sgml
@@ -4,10 +4,10 @@
 <!entity p-intro SYSTEM "privoxy.sgml">
 <!entity contacting SYSTEM "contacting.sgml">
 <!entity buildsource SYSTEM "buildsource.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity % p-text "INCLUDE">       <!-- define we are a text only doc    -->
 <!entity % p-doc "IGNORE">         <!-- and never a text doc             -->
 <!entity % p-readme "INCLUDE">     <!-- all your README belong to us     -->
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 7e10bea9..a6aadfc6 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -14,11 +14,11 @@
 <!entity p-authors SYSTEM "p-authors.sgml">
 <!entity config SYSTEM "p-config.sgml">
 <!entity changelog SYSTEM "changelog.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
 <!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc  -->
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity % p-text "IGNORE">        <!-- define we are not a text only doc -->
 <!entity % p-doc "INCLUDE">        <!-- and we are a formal doc           -->
 <!entity % p-readme "IGNORE">
diff --git a/doc/source/webserver/index.sgml b/doc/source/webserver/index.sgml
index a2be0fad..a8efcadf 100644
--- a/doc/source/webserver/index.sgml
+++ b/doc/source/webserver/index.sgml
@@ -6,10 +6,10 @@
 <!entity copyright SYSTEM "copyright.sgml">
 <!entity license SYSTEM "license.sgml">
 <!entity license-explanation SYSTEM "license-explanation.sgml">
-<!entity p-version "4.1.0">
-<!entity p-status "stable">
-<!entity % p-not-stable "IGNORE">
-<!entity % p-stable "INCLUDE">
+<!entity p-version "4.2.0">
+<!entity p-status "UNRELEASED">
+<!entity % p-not-stable "INCLUDE">
+<!entity % p-stable "IGNORE">
 <!entity  my-copy "&copy;">        <!-- kludge for docbook2man            -->
 <!entity % p-homepage "IGNORE">    <!-- toggle for webserver index.html   -->
 <!entity % p-index "IGNORE">       <!-- toggle for local doc index        -->

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb  4 14:03:34 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 04 Feb 2026 14:03:34 +0100
Subject: [Privoxy-commits] [privoxy] 03/03: Block .parsely.com/p(logger|x)/
In-Reply-To: <177021021127.33587.8875685317161428278@privoxy-git>
References: <177021021127.33587.8875685317161428278@privoxy-git>
Message-ID: <20260204130332.75360594E@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 4255bc11f9cc06b8368d2538868920beb000ff65
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Wed Jan 7 09:57:54 2026 +0100

    Block .parsely.com/p(logger|x)/
    
    ... to match URLs that weren't covered by ".pixel.parsely.com/".
---
 default.action.master | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/default.action.master b/default.action.master
index 9caa602c..78d69f8a 100644
--- a/default.action.master
+++ b/default.action.master
@@ -1007,7 +1007,9 @@ collector.githubapp.com/
 # Blocked URL = http://consentmanager.mgr.consensu.org/delivery/pixel.php?id=11319&did=0&cfdid=0&t=pv&h=https%3A%2F%2Fsourceforge.net%2Fp%2Fijbswa%2Ffeature-requests%2F535%2F&o=1591880198219&l=EN&lv=0&d=0&ct=14&e=&e2=&e3=&i=&sv=0&dv=0
 .consensu.org/delivery/pixel\.php
 # Blocked URL = https://srv-2020-08-22-20.pixel.parsely.com/plogger/?rand=1598128327825&plid=94157330&idsite=theverge.com&url=https%3A%2F%2Fwww.theverge.com%2F2020%2F8%2F21%2F21396316%2Fapple-wordpress-in-app-purchase-tax-update-store&urlref=&screen=1366x768%7C1366x768%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.theverge.com%2F2020%2F8%2F21%2F21396316%2Fapple-wordpress-in-app-purchase-tax-update-store&sref=&sts=1598128167510&slts=0&date=Sat+Aug+22+2020+22%3A32%3A07+GMT%2B0200+(CEST)&ac [...]
-.pixel.parsely.com/
+# Blocked URL = https://p1.parsely.com/px/?rand=1767775988630&plid=c08caca6-8f5d-4fd3-8b0a-74c88f544fb2&idsite=theonion.com&url=https%3A%2F%2Ftheonion.com%2Frfk-jr-warns-mistress-that-condoms-cause-autism%2F&urlref=&screen=1366x768%7C1366x768%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Ftheonion.com%2Frfk-jr-warns-mistress-that-condoms-cause-autism%2F&sref=&sts=1767775808556&slts=0&date=Wed+Jan+07+2026+09%3A53%3A08+GMT%2B0100+(Central+European+Standard+Time)&action=heartbeat&inc=5&tt=4562&p [...]
+# Blocked URL = https://p1.parsely.com/plogger/?rand=1767869446003&plid=dde1bc79-14c3-475a-89ef-c94666d2c7c2&idsite=missionlocal.org&url=https%3A%2F%2Fmissionlocal.org%2F2026%2F01%2Fsan-francisco-sewers-flooding-comic%2F&urlref=&screen=1366x768%7C1366x768%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fmissionlocal.org%2F2026%2F01%2Fsan-francisco-sewers-flooding-comic%2F&sref=&sts=1767868739976&slts=0&date=Thu+Jan+08+2026+11%3A50%3A46+GMT%2B0100+(Central+European+Standard+Time)&action=heartbea [...]
+.parsely.com/p(logger|x)/
 # Blocked URL = http://t.9gag.com/img.gif?a=unique-viewed&v=v&ref=&lbl=&lblv=&p=d&e=aD4X2GG&u=&w=l&url=https%3A%2F%2F9gag.com%2F&referrer=&t=1600253599&
 t.9gag.com/img\.gif
 # Blocked URL = http://t.lto.connectaserver.de/t.php?ht=e&in=Verweildauer%7C%7CTimeOnPage%7C%7C1m%2030s&pp=https%3A%2F%2Fwww.lto.de%2Frecht%2Fhintergruende%2Fh%2Feugh-c62317-vorratsdatenspeicherung-internet-telefon-eu-staaten-sicherheit-terrorismus-datenschutz-speichern-deutschland-kinderpornographie%2F&sr=1366x768&vp=1362x676&cid=602d486b-9a75-4ea2-99d3-ebfb063e1be8&dt=Vorratsdatenspeicherung:%20Was%20bedeutet%20das%20EuGH-Urteil?&rf=&z=1602062648454

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb  4 14:03:31 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 04 Feb 2026 14:03:31 +0100
Subject: [Privoxy-commits] [privoxy] branch master updated (7625ec4a ->
 4255bc11)
Message-ID: <177021021127.33587.8875685317161428278@privoxy-git>

This is an automated email from the git hooks/post-receive script.

git pushed a change to branch master
in repository privoxy.

    from 7625ec4a Update RSS feed to include the macOS packages for Privoxy 4.1.0
     new 94c436ef configure: Bump version to 4.2.0 UNRELEASED
     new e1be40be Bump SMGL entities for 4.2.0 UNRELEASED
     new 4255bc11 Block .parsely.com/p(logger|x)/

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 configure.in                     | 4 ++--
 default.action.master            | 4 +++-
 doc/source/authors.sgml          | 8 ++++----
 doc/source/config.sgml           | 6 +++---
 doc/source/developer-manual.sgml | 8 ++++----
 doc/source/faq.sgml              | 8 ++++----
 doc/source/install.sgml          | 8 ++++----
 doc/source/privoxy-man-page.sgml | 8 ++++----
 doc/source/readme.sgml           | 8 ++++----
 doc/source/user-manual.sgml      | 8 ++++----
 doc/source/webserver/index.sgml  | 8 ++++----
 11 files changed, 40 insertions(+), 38 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:27 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:27 +0100
Subject: [Privoxy-commits] [privoxy] branch master updated (4255bc11 ->
 e4d32cfa)
Message-ID: <177184772792.7223.7649921025081955765@privoxy-git>

This is an automated email from the git hooks/post-receive script.

git pushed a change to branch master
in repository privoxy.

    from 4255bc11 Block .parsely.com/p(logger|x)/
     new b4f156d3 Remove support for OpenSSL versions before 2.0
     new 956b5ce7 Remove support for mbedtls 2.x
     new 1ae617e1 Add elliptic-curve-keys directive and enable it by default
     new b11594a2 Document the elliptic-curve-keys directive
     new 6d92e7b5 user-manual: Use &lt; instead of literal '<' to unbreak highlighting in emacs
     new 03d2eadf Regenerate docs
     new e4d32cfa Renerate config file

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 INSTALL                                           |   4 +-
 README                                            |  21 +-
 config                                            |  43 +++-
 doc/source/p-config.sgml                          |  67 +++++-
 doc/source/user-manual.sgml                       |   2 +-
 doc/webserver/developer-manual/documentation.html |   2 +-
 doc/webserver/developer-manual/index.html         |   2 +-
 doc/webserver/developer-manual/newrelease.html    |  14 +-
 doc/webserver/faq/index.html                      |   2 +-
 doc/webserver/index.html                          |   2 +-
 doc/webserver/privoxy-index.html                  |   2 +-
 doc/webserver/user-manual/actions-file.html       |   4 +-
 doc/webserver/user-manual/appendix.html           |  20 +-
 doc/webserver/user-manual/config.html             |  44 +++-
 doc/webserver/user-manual/configuration.html      |  14 +-
 doc/webserver/user-manual/contact.html            |   4 +-
 doc/webserver/user-manual/copyright.html          |   9 +-
 doc/webserver/user-manual/filter-file.html        |   6 +-
 doc/webserver/user-manual/howto.html              |   4 +-
 doc/webserver/user-manual/index.html              |   9 +-
 doc/webserver/user-manual/installation.html       |   8 +-
 doc/webserver/user-manual/introduction.html       |  21 +-
 doc/webserver/user-manual/quickstart.html         |   6 +-
 doc/webserver/user-manual/seealso.html            |   4 +-
 doc/webserver/user-manual/startup.html            |   8 +-
 doc/webserver/user-manual/templates.html          |   4 +-
 doc/webserver/user-manual/whatsnew.html           |   4 +-
 loadcfg.c                                         |  15 +-
 openssl.c                                         | 162 ++++++++------
 project.h                                         |   2 +
 ssl.c                                             | 127 +++--------
 wolfssl.c                                         | 260 ++++++++++++++++++++--
 32 files changed, 619 insertions(+), 277 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:29 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:29 +0100
Subject: [Privoxy-commits] [privoxy] 02/07: Remove support for mbedtls 2.x
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115528.BF6F758DF@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 956b5ce709014db24c48b6a849e954c5c3e6a265
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Feb 8 15:04:30 2026 +0100

    Remove support for mbedtls 2.x
---
 ssl.c | 81 -------------------------------------------------------------------
 1 file changed, 81 deletions(-)

diff --git a/ssl.c b/ssl.c
index c174fbaa..37d7756c 100644
--- a/ssl.c
+++ b/ssl.c
@@ -344,13 +344,8 @@ extern int create_client_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
-#if MBEDTLS_VERSION_MAJOR < 3
-   ret = mbedtls_pk_parse_keyfile(&(ssl_attr->mbedtls_attr.prim_key),
-      key_file, NULL);
-#else
    ret = mbedtls_pk_parse_keyfile(&(ssl_attr->mbedtls_attr.prim_key),
       key_file, NULL, mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
    if (ret != 0)
    {
       mbedtls_strerror(ret, err_buf, sizeof(err_buf));
@@ -1263,11 +1258,7 @@ static int generate_host_certificate(struct client_state *csp)
    mbedtls_pk_context *issuer_key  = &loaded_issuer_key;
    mbedtls_pk_context *subject_key = &loaded_subject_key;
    mbedtls_x509write_cert cert;
-#if MBEDTLS_VERSION_MAJOR < 3
-   mbedtls_mpi serial;
-#else
    unsigned char serial_buf[16];
-#endif
 
    unsigned char *key_buf = NULL;    /* Buffer for created key */
 
@@ -1363,9 +1354,6 @@ static int generate_host_certificate(struct client_state *csp)
    mbedtls_x509write_crt_set_md_alg(&cert, CERT_SIGNATURE_ALGORITHM);
    mbedtls_pk_init(&loaded_issuer_key);
    mbedtls_pk_init(&loaded_subject_key);
-#if MBEDTLS_VERSION_MAJOR < 3
-   mbedtls_mpi_init(&serial);
-#endif
    mbedtls_x509_crt_init(&issuer_cert);
 
    /*
@@ -1379,32 +1367,6 @@ static int generate_host_certificate(struct client_state *csp)
    char cert_params[cert_params_len];
    memset(cert_params, 0, cert_params_len);
 
-#if MBEDTLS_VERSION_MAJOR < 3
-   /*
-    * Converting unsigned long serial number to char * serial number.
-    * We must compute length of serial number in string + terminating null.
-    */
-   unsigned long certificate_serial = get_certificate_serial(csp);
-   unsigned long certificate_serial_time = (unsigned long)time(NULL);
-   int serial_num_size = snprintf(NULL, 0, "%lu%lu",
-      certificate_serial_time, certificate_serial) + 1;
-   if (serial_num_size <= 0)
-   {
-      serial_num_size = 1;
-   }
-
-   char serial_num_text[serial_num_size];  /* Buffer for serial number */
-   ret = snprintf(serial_num_text, (size_t)serial_num_size, "%lu%lu",
-      certificate_serial_time, certificate_serial);
-   if (ret < 0 || ret >= serial_num_size)
-   {
-      log_error(LOG_LEVEL_ERROR,
-         "Converting certificate serial number into string failed.");
-      ret = -1;
-      goto exit;
-   }
-#endif
-
    /*
     * Preparing parameters for certificate
     */
@@ -1432,9 +1394,6 @@ static int generate_host_certificate(struct client_state *csp)
    cert_opt.subject_name  = cert_params;
    cert_opt.not_before    = cert_valid_from;
    cert_opt.not_after     = cert_valid_to;
-#if MBEDTLS_VERSION_MAJOR < 3
-   cert_opt.serial        = serial_num_text;
-#endif
    cert_opt.is_ca         = 0;
    cert_opt.max_pathlen   = -1;
 
@@ -1459,21 +1418,6 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-#if MBEDTLS_VERSION_MAJOR < 3
-   /*
-    * Parse serial to MPI
-    */
-   ret = mbedtls_mpi_read_string(&serial, 10, cert_opt.serial);
-   if (ret != 0)
-   {
-      mbedtls_strerror(ret, err_buf, sizeof(err_buf));
-      log_error(LOG_LEVEL_ERROR,
-         "mbedtls_mpi_read_string failed: %s", err_buf);
-      ret = -1;
-      goto exit;
-   }
-#endif
-
    /*
     * Loading certificates
     */
@@ -1503,28 +1447,17 @@ static int generate_host_certificate(struct client_state *csp)
    if (key_buf != NULL && subject_key_len > 0)
    {
       /* Key was created in this function and is stored in buffer */
-#if MBEDTLS_VERSION_MAJOR < 3
-      ret = mbedtls_pk_parse_key(&loaded_subject_key, key_buf,
-         (size_t)(subject_key_len + 1), (unsigned const char *)
-         cert_opt.subject_pwd, strlen(cert_opt.subject_pwd));
-#else
       ret = mbedtls_pk_parse_key(&loaded_subject_key, key_buf,
          (size_t)(subject_key_len + 1), (unsigned const char *)
          cert_opt.subject_pwd, strlen(cert_opt.subject_pwd),
          mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
    }
    else
    {
       /* Key wasn't created in this function, because it already existed */
-#if MBEDTLS_VERSION_MAJOR < 3
-      ret = mbedtls_pk_parse_keyfile(&loaded_subject_key,
-         cert_opt.subject_key, cert_opt.subject_pwd);
-#else
       ret = mbedtls_pk_parse_keyfile(&loaded_subject_key,
          cert_opt.subject_key, cert_opt.subject_pwd,
          mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
    }
 
    if (ret != 0)
@@ -1536,13 +1469,8 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-#if MBEDTLS_VERSION_MAJOR < 3
-   ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, cert_opt.issuer_key,
-      cert_opt.issuer_pwd);
-#else
    ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, cert_opt.issuer_key,
       cert_opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
    if (ret != 0)
    {
       mbedtls_strerror(ret, err_buf, sizeof(err_buf));
@@ -1578,13 +1506,9 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-#if MBEDTLS_VERSION_MAJOR < 3
-   ret = mbedtls_x509write_crt_set_serial(&cert, &serial);
-#else
    mbedtls_ctr_drbg_random(&ctr_drbg, serial_buf, sizeof(serial_buf));
    ret = mbedtls_x509write_crt_set_serial_raw(&cert,
       (unsigned char *)&serial_buf, sizeof(serial_buf));
-#endif
    if (ret != 0)
    {
       mbedtls_strerror(ret, err_buf, sizeof(err_buf));
@@ -1669,9 +1593,6 @@ exit:
    mbedtls_x509write_crt_free(&cert);
    mbedtls_pk_free(&loaded_subject_key);
    mbedtls_pk_free(&loaded_issuer_key);
-#if MBEDTLS_VERSION_MAJOR < 3
-   mbedtls_mpi_free(&serial);
-#endif
    mbedtls_x509_crt_free(&issuer_cert);
 
    freez(cert_opt.subject_key);
@@ -1830,7 +1751,6 @@ static int seed_rng(struct client_state *csp)
       privoxy_mutex_lock(&ssl_init_mutex);
       if (rng_seeded == 0)
       {
-#if MBEDTLS_VERSION_MAJOR >= 3
          psa_status_t status = psa_crypto_init();
          if (PSA_SUCCESS != status)
          {
@@ -1838,7 +1758,6 @@ static int seed_rng(struct client_state *csp)
             privoxy_mutex_unlock(&ssl_init_mutex);
             return -1;
          }
-#endif
          mbedtls_ctr_drbg_init(&ctr_drbg);
          mbedtls_entropy_init(&entropy);
          ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:28 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:28 +0100
Subject: [Privoxy-commits] [privoxy] 01/07: Remove support for OpenSSL
 versions before 2.0
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115528.8DD33596C@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit b4f156d3c8c972e03aa24e2d76f64a2040efe5a5
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Wed Feb 4 14:11:08 2026 +0100

    Remove support for OpenSSL versions before 2.0
---
 openssl.c | 42 +-----------------------------------------
 1 file changed, 1 insertion(+), 41 deletions(-)

diff --git a/openssl.c b/openssl.c
index cb2bab7a..bc6d6e53 100644
--- a/openssl.c
+++ b/openssl.c
@@ -74,14 +74,6 @@ static void log_ssl_errors(int debuglevel, const char* fmt, ...) __attribute__((
 
 static int ssl_inited = 0;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define X509_set1_notBefore X509_set_notBefore
-#define X509_set1_notAfter X509_set_notAfter
-#define X509_get0_serialNumber X509_get_serialNumber
-#define X509_get0_notBefore X509_get_notBefore
-#define X509_get0_notAfter X509_get_notAfter
-#endif
-
 /*********************************************************************
  *
  * Function    :  openssl_init
@@ -100,11 +92,7 @@ static void openssl_init(void)
       privoxy_mutex_lock(&ssl_init_mutex);
       if (ssl_inited == 0)
       {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-         SSL_library_init();
-#else
          OPENSSL_init_ssl(0, NULL);
-#endif
          SSL_load_error_strings();
          OpenSSL_add_ssl_algorithms();
          ssl_inited = 1;
@@ -284,9 +272,7 @@ static int ssl_store_cert(struct client_state *csp, X509 *crt)
    char *encoded_text;
    long l;
    const ASN1_INTEGER *bs;
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
    const X509_ALGOR *tsig_alg;
-#endif
    int loc;
 
    if (!bio)
@@ -480,7 +466,6 @@ static int ssl_store_cert(struct client_state *csp, X509 *crt)
       goto exit;
    }
 
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
    if (BIO_puts(bio, "\nsigned using      : ") <= 0)
    {
       log_ssl_errors(LOG_LEVEL_ERROR, "BIO_puts() for signed using failed");
@@ -494,7 +479,6 @@ static int ssl_store_cert(struct client_state *csp, X509 *crt)
       ret = -1;
       goto exit;
    }
-#endif
    pkey = X509_get_pubkey(crt);
    if (!pkey)
    {
@@ -1096,35 +1080,13 @@ extern int create_server_ssl_connection(struct client_state *csp)
    /*
     * Set the hostname to check against the received server certificate
     */
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
    if (!SSL_set1_host(ssl, csp->http->host))
    {
       log_ssl_errors(LOG_LEVEL_ERROR, "SSL_set1_host failed");
       ret = -1;
       goto exit;
    }
-#else
-   if (host_is_ip_address(csp->http->host))
-   {
-      if (X509_VERIFY_PARAM_set1_ip_asc(ssl->param,  csp->http->host) != 1)
-      {
-         log_ssl_errors(LOG_LEVEL_ERROR,
-            "X509_VERIFY_PARAM_set1_ip_asc() failed");
-         ret = -1;
-         goto exit;
-      }
-   }
-   else
-   {
-      if (X509_VERIFY_PARAM_set1_host(ssl->param,  csp->http->host, 0) != 1)
-      {
-         log_ssl_errors(LOG_LEVEL_ERROR,
-            "X509_VERIFY_PARAM_set1_host() failed");
-         ret = -1;
-         goto exit;
-      }
-   }
-#endif
+
    /* SNI extension */
    if (!host_is_ip_address(csp->http->host) &&
        !SSL_set_tlsext_host_name(ssl, csp->http->host))
@@ -2270,12 +2232,10 @@ extern void ssl_release(void)
 {
    if (ssl_inited == 1)
    {
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
 #ifndef LIBRESSL_VERSION_NUMBER
 #ifndef OPENSSL_NO_COMP
       SSL_COMP_free_compression_methods();
 #endif
-#endif
 #endif
       CONF_modules_free();
       CONF_modules_unload(1);

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:30 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:30 +0100
Subject: [Privoxy-commits] [privoxy] 03/07: Add elliptic-curve-keys
 directive and enable it by default
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115529.039CA58E1@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 1ae617e11cd0bea2797af384f7ccc963f6052502
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Wed Feb 4 14:15:29 2026 +0100

    Add elliptic-curve-keys directive and enable it by default
    
    It lets Privoxy use the SN_X9_62_prime256v1 group instead of
    RSA when generating website keys and certificates.
    
    This is expected to be faster but may not be supported by older clients.
    
    The OpenSSL-specific code is based on on a patch by Steven Smith
    submitted in SF#933.
---
 loadcfg.c |  15 +++-
 openssl.c | 120 +++++++++++++++++++++--------
 project.h |   2 +
 ssl.c     |  46 ++++++++---
 wolfssl.c | 260 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 5 files changed, 375 insertions(+), 68 deletions(-)

diff --git a/loadcfg.c b/loadcfg.c
index 1e9fe2d3..580643ef 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -7,7 +7,7 @@
  *                routine to load the configuration and the global
  *                variables it writes to.
  *
- * Copyright   :  Written by and Copyright (C) 2001-2022 the
+ * Copyright   :  Written by and Copyright (C) 2001-2026 the
  *                Privoxy team. https://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
@@ -148,6 +148,7 @@ static struct file_list *current_configfile = NULL;
 #define hash_debug                            78263U /* "debug" */
 #define hash_default_server_timeout      2530089913U /* "default-server-timeout" */
 #define hash_deny_access                 1227333715U /* "deny-access" */
+#define hash_elliptic_curve_keys          258906537U /* "elliptic-curve-keys" */
 #define hash_enable_accept_filter        2909040407U /* "enable-accept-filter" */
 #define hash_enable_edit_actions         2517097536U /* "enable-edit-actions" */
 #define hash_enable_compression          3943696946U /* "enable-compression" */
@@ -678,6 +679,9 @@ struct configuration_spec * load_config(void)
 #endif
    config->feature_flags            &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
    config->cors_allowed_origin       = NULL;
+#ifdef FEATURE_HTTPS_INSPECTION
+   config->elliptic_curve_keys = 1;
+#endif
 
    configfp = fopen(configfile, "r");
    if (NULL == configfp)
@@ -1027,6 +1031,15 @@ struct configuration_spec * load_config(void)
             break;
 #endif /* def FEATURE_ACL */
 
+#ifdef FEATURE_HTTPS_INSPECTION
+/* *************************************************************************
+ * elliptic-curve-keys 0|1
+ * *************************************************************************/
+         case hash_elliptic_curve_keys :
+            config->elliptic_curve_keys = parse_toggle_state(cmd, arg);
+            break;
+#endif /* def FEATURE_HTTPS_INSPECTION */
+
 #if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
 /* *************************************************************************
  * enable-accept-filter 0|1
diff --git a/openssl.c b/openssl.c
index bc6d6e53..3a5bf1e5 100644
--- a/openssl.c
+++ b/openssl.c
@@ -8,7 +8,7 @@
  *
  * Copyright   :  Written by and Copyright (c) 2020 Maxim Antonov <mantonov at gmail.com>
  *                Copyright (C) 2017 Vaclav Svec. FIT CVUT.
- *                Copyright (C) 2018-2024 by Fabian Keil <fk at fabiankeil.de>
+ *                Copyright (C) 2018-2026 by Fabian Keil <fk at fabiankeil.de>
  *
  *                This program is free software; you can redistribute it
  *                and/or modify it under the terms of the GNU General
@@ -1448,6 +1448,7 @@ static int generate_key(struct client_state *csp, char **key_buf)
 #if (OPENSSL_VERSION_NUMBER < 0x30000000L)
    BIGNUM *exp;
    RSA *rsa;
+   EC_KEY *ec_key;
 #endif
    EVP_PKEY *key;
 
@@ -1468,45 +1469,90 @@ static int generate_key(struct client_state *csp, char **key_buf)
    }
 
 #if (OPENSSL_VERSION_NUMBER < 0x30000000L)
-   exp = BN_new();
-   rsa = RSA_new();
    key = EVP_PKEY_new();
-   if (exp == NULL || rsa == NULL || key == NULL)
+   if (key == NULL)
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
+      log_ssl_errors(LOG_LEVEL_ERROR, "RSA/EC key memory allocation failure.");
       ret = -1;
       goto exit;
    }
-
-   if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
+   if (csp->config->elliptic_curve_keys)
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
-      ret = -1;
-      goto exit;
+      ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+      if (ec_key == NULL)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "EC key creation failed.");
+         ret = -1;
+         goto exit;
+      }
+      if (!EC_KEY_generate_key(ec_key))
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "EC key generation failed.");
+         ret = -1;
+         goto exit;
+      }
+      if (!EVP_PKEY_set1_EC_KEY(key, ec_key))
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR,
+            "Error assigning EC key pair to PKEY structure");
+         ret = -1;
+         goto exit;
+      }
    }
-
-   ret = RSA_generate_key_ex(rsa, RSA_KEYSIZE, exp, NULL);
-   if (ret == 0)
+   else
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "RSA key generation failure");
-      ret = -1;
-      goto exit;
-   }
+      exp = BN_new();
+      rsa = RSA_new();
+      if (exp == NULL || rsa == NULL)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
+         ret = -1;
+         goto exit;
+      }
 
-   if (!EVP_PKEY_set1_RSA(key, rsa))
-   {
-      log_ssl_errors(LOG_LEVEL_ERROR,
-         "Error assigning RSA key pair to PKEY structure");
-      ret = -1;
-      goto exit;
+      if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
+         ret = -1;
+         goto exit;
+      }
+
+      ret = RSA_generate_key_ex(rsa, RSA_KEYSIZE, exp, NULL);
+      if (ret == 0)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "RSA key generation failure");
+         ret = -1;
+         goto exit;
+      }
+
+      if (!EVP_PKEY_set1_RSA(key, rsa))
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR,
+            "Error assigning RSA key pair to PKEY structure");
+         ret = -1;
+         goto exit;
+      }
    }
 #else
-   key = EVP_RSA_gen(RSA_KEYSIZE);
-   if (key == NULL)
+   if (csp->config->elliptic_curve_keys)
    {
-      log_error(LOG_LEVEL_ERROR, "EVP_RSA_gen() failed");
-      ret = -1;
-      goto exit;
+      key = EVP_EC_gen(SN_X9_62_prime256v1);
+      if (key == NULL)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "EC key generation error");
+         ret = -1;
+         goto exit;
+      }
+   }
+   else
+   {
+      key = EVP_RSA_gen(RSA_KEYSIZE);
+      if (key == NULL)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR, "EVP_RSA_gen() failed");
+         ret = -1;
+         goto exit;
+      }
    }
 #endif
 
@@ -1526,13 +1572,23 @@ exit:
     * Freeing used variables
     */
 #if (OPENSSL_VERSION_NUMBER < 0x30000000L)
-   if (exp)
+   if (csp->config->elliptic_curve_keys)
    {
-      BN_free(exp);
+      if (ec_key)
+      {
+         EC_KEY_free(ec_key);
+      }
    }
-   if (rsa)
+   else
    {
-      RSA_free(rsa);
+      if (exp)
+      {
+         BN_free(exp);
+      }
+      if (rsa)
+      {
+         RSA_free(rsa);
+      }
    }
 #endif
    if (key)
diff --git a/project.h b/project.h
index 3c516602..9f3c36ef 100644
--- a/project.h
+++ b/project.h
@@ -1616,6 +1616,8 @@ struct configuration_spec
 
    /** Filename of trusted CAs certificates **/
    char *trusted_cas_file;
+
+   int elliptic_curve_keys;
 #endif
 };
 
diff --git a/ssl.c b/ssl.c
index 37d7756c..6950caae 100644
--- a/ssl.c
+++ b/ssl.c
@@ -7,7 +7,7 @@
  *                using mbedTLS.
  *
  * Copyright   :  Written by and Copyright (c) 2017-2020 Vaclav Svec. FIT CVUT.
- *                Copyright (C) 2018-2024 by Fabian Keil <fk at fabiankeil.de>
+ *                Copyright (C) 2018-2026 by Fabian Keil <fk at fabiankeil.de>
  *
  *                This program is free software; you can redistribute it
  *                and/or modify it under the terms of the GNU General
@@ -75,7 +75,7 @@
  */
 typedef struct {
    mbedtls_pk_type_t type;   /* type of key to generate  */
-   int  rsa_keysize;         /* length of key in bits    */
+   int  keysize;             /* length of key in bits    */
    char *key_file_path;      /* filename of the key file */
 } key_options;
 
@@ -1002,8 +1002,16 @@ static int generate_key(struct client_state *csp, unsigned char **key_buf)
    /*
     * Preparing path for key file and other properties for generating key
     */
-   key_opt.type        = MBEDTLS_PK_RSA;
-   key_opt.rsa_keysize = RSA_KEYSIZE;
+   if (csp->config->elliptic_curve_keys)
+   {
+      key_opt.type    = MBEDTLS_PK_ECKEY;
+      key_opt.keysize = 32;
+   }
+   else
+   {
+      key_opt.type    = MBEDTLS_PK_RSA;
+      key_opt.keysize = RSA_KEYSIZE;
+   }
 
    key_opt.key_file_path = make_certs_path(csp->config->certificate_directory,
       (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
@@ -1044,16 +1052,30 @@ static int generate_key(struct client_state *csp, unsigned char **key_buf)
       goto exit;
    }
 
-   ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random,
-      &ctr_drbg, (unsigned)key_opt.rsa_keysize, RSA_KEY_PUBLIC_EXPONENT);
-   if (ret != 0)
+   if (csp->config->elliptic_curve_keys)
    {
-      mbedtls_strerror(ret, err_buf, sizeof(err_buf));
-      log_error(LOG_LEVEL_ERROR, "Key generating failed: %s", err_buf);
-      ret = -1;
-      goto exit;
+      ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1,
+         mbedtls_pk_ec(key), mbedtls_ctr_drbg_random, &ctr_drbg);
+      if (ret != 0)
+      {
+         mbedtls_strerror(ret, err_buf, sizeof(err_buf));
+         log_error(LOG_LEVEL_ERROR, "ECC Key generation failed: %s", err_buf);
+         ret = -1;
+         goto exit;
+      }
+   }
+   else
+   {
+      ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random,
+         &ctr_drbg, (unsigned)key_opt.keysize, RSA_KEY_PUBLIC_EXPONENT);
+      if (ret != 0)
+      {
+         mbedtls_strerror(ret, err_buf, sizeof(err_buf));
+         log_error(LOG_LEVEL_ERROR, "Key generating failed: %s", err_buf);
+         ret = -1;
+         goto exit;
+      }
    }
-
    /*
     * Exporting private key into file
     */
diff --git a/wolfssl.c b/wolfssl.c
index 40a1a46f..12b4c441 100644
--- a/wolfssl.c
+++ b/wolfssl.c
@@ -6,7 +6,7 @@
  *                creating, using and closing TLS/SSL connections
  *                using wolfSSL.
  *
- * Copyright   :  Copyright (C) 2018-2025 by Fabian Keil <fk at fabiankeil.de>
+ * Copyright   :  Copyright (C) 2018-2026 by Fabian Keil <fk at fabiankeil.de>
  *                Copyright (C) 2020 Maxim Antonov <mantonov at gmail.com>
  *                Copyright (C) 2017 Vaclav Svec. FIT CVUT.
  *
@@ -1512,6 +1512,89 @@ exit:
 }
 
 
+/*********************************************************************
+ *
+ * Function    :  generate_ecc_key
+ *
+ * Description : Generates a new ECC key and saves it in a file.
+ *
+ * Parameters  :
+ *          1  :  ecc_key_path = Path to the key that should be written.
+ *
+ * Returns     :  -1 => Error while generating private key
+ *                 0 => Success.
+ *
+ *********************************************************************/
+static int generate_ecc_key(const char *ecc_key_path)
+{
+   ecc_key ecc_key;
+   byte ecc_key_der[4096];
+   int ret;
+   byte key_pem[4096];
+   int der_key_size;
+   int pem_key_size;
+   FILE *f = NULL;
+
+   assert(file_exists(ecc_key_path) != 1);
+
+   wc_ecc_init(&ecc_key);
+
+   ret = wc_ecc_make_key(&wolfssl_rng, 32, &ecc_key);
+   if (ret != 0)
+   {
+      log_error(LOG_LEVEL_ERROR, "ECC key generation failed");
+      ret = -1;
+      goto exit;
+   }
+
+   der_key_size = wc_EccKeyToDer(&ecc_key, ecc_key_der, sizeof(ecc_key_der));
+   wc_ecc_free(&ecc_key);
+   if (der_key_size < 0)
+   {
+      log_error(LOG_LEVEL_ERROR, "ECC key conversion to DER format failed");
+      ret = -1;
+      goto exit;
+   }
+   pem_key_size = wc_DerToPem(ecc_key_der, (word32)der_key_size,
+      key_pem, sizeof(key_pem), ECC_PRIVATEKEY_TYPE);
+   if (pem_key_size < 0)
+   {
+      log_error(LOG_LEVEL_ERROR, "ECC key conversion to PEM format failed");
+      ret = -1;
+      goto exit;
+   }
+
+   /*
+    * Saving key into file
+    */
+   if ((f = fopen(ecc_key_path, "wb")) == NULL)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Opening file %s to save private key failed: %E",
+         ecc_key_path);
+      ret = -1;
+      goto exit;
+   }
+
+   if (fwrite(key_pem, 1, (size_t)pem_key_size, f) != pem_key_size)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Writing private key into file %s failed",
+         ecc_key_path);
+      close_file_stream(f, ecc_key_path);
+      ret = -1;
+      goto exit;
+   }
+
+   close_file_stream(f, ecc_key_path);
+
+exit:
+
+   return ret;
+
+}
+
+
 /*********************************************************************
  *
  * Function    :  ssl_certificate_load
@@ -1714,6 +1797,106 @@ static int load_rsa_key(const char *rsa_key_path, const char *password, RsaKey *
    return 1;
 }
 
+
+/*********************************************************************
+ *
+ * Function    :  load_ecc_key
+ *
+ * Description :  Load a PEM-encoded ECC file into memory.
+ *
+ * Parameters  :
+ *          1  :  ecc_key_path = Path to the file that holds the key.
+ *          2  :  ecc_key = Initialized ECC key storage.
+ *
+ * Returns     :   0 => Error while creating the key.
+ *                 1 => It worked
+ *
+ *********************************************************************/
+static int load_ecc_key(const char *ecc_key_path, ecc_key *ecc_key)
+{
+   FILE *fp;
+   size_t length;
+   long ret;
+   unsigned char *key_pem;
+   DerBuffer *der_buffer;
+   word32 der_index = 0;
+
+   fp = fopen(ecc_key_path, "rb");
+   if (NULL == fp)
+   {
+      log_error(LOG_LEVEL_ERROR, "Failed to open %s: %E", ecc_key_path);
+      return 0;
+   }
+
+   /* Get file length */
+   if (fseek(fp, 0, SEEK_END))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Unexpected error while fseek()ing to the end of %s: %E",
+         ecc_key_path);
+      fclose(fp);
+      return 0;
+   }
+   ret = ftell(fp);
+   if (-1 == ret)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Unexpected ftell() error while loading %s: %E",
+         ecc_key_path);
+      fclose(fp);
+      return 0;
+   }
+   length = (size_t)ret;
+
+   /* Go back to the beginning. */
+   if (fseek(fp, 0, SEEK_SET))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Unexpected error while fseek()ing to the beginning of %s: %E",
+         ecc_key_path);
+      fclose(fp);
+      return 0;
+   }
+
+   key_pem = malloc_or_die(length);
+
+   if (1 != fread(key_pem, length, 1, fp))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Couldn't completely read file %s.", ecc_key_path);
+      fclose(fp);
+      freez(key_pem);
+      return 0;
+   }
+
+   fclose(fp);
+
+   ret = wc_PemToDer(key_pem, (long)length, ECC_PRIVATEKEY_TYPE,
+     &der_buffer, NULL, NULL, NULL);
+   freez(key_pem);
+   if (ret < 0)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Failed to convert buffer into DER format for file %s. Error = %ld",
+         ecc_key_path, ret);
+      return 0;
+   }
+
+   ret = wc_EccPrivateKeyDecode(der_buffer->buffer, &der_index, ecc_key,
+      der_buffer->length);
+   freez(der_buffer);
+   if (ret < 0)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Failed to decode DER buffer into ECC key structure for %s",
+         ecc_key_path);
+      return 0;
+   }
+
+   return 1;
+}
+
+
 #ifndef WOLFSSL_ALT_NAMES
 #error wolfSSL lacks Subject Alternative Name support (WOLFSSL_ALT_NAMES) which is mandatory
 #endif
@@ -1773,7 +1956,7 @@ static int set_subject_alternative_name(struct Cert *certificate, const char *ho
  * Parameters  :
  *          1  :  csp = Current client state (buffers, headers, etc...)
  *          2  :  certificate_path = Path to the certificate to generate.
- *          3  :  rsa_key_path = Path to the key to generate for the
+ *          3  :  key_path = Path to the key to generate for the
  *                               certificate.
  *
  * Returns     :  -1 => Error while creating certificate.
@@ -1782,11 +1965,12 @@ static int set_subject_alternative_name(struct Cert *certificate, const char *ho
  *
  *********************************************************************/
 static int generate_host_certificate(struct client_state *csp,
-   const char *certificate_path, const char *rsa_key_path)
+   const char *certificate_path, const char *key_path)
 {
    struct Cert certificate;
    RsaKey ca_key;
    RsaKey rsa_key;
+   ecc_key ecc_key;
    int ret;
    byte certificate_der[4096];
    int der_certificate_length;
@@ -1807,10 +1991,10 @@ static int generate_host_certificate(struct client_state *csp,
                certificate_path);
             return -1;
          }
-         if (unlink(rsa_key_path))
+         if (unlink(key_path))
          {
             log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
-               rsa_key_path);
+               key_path);
             return -1;
          }
       }
@@ -1824,18 +2008,28 @@ static int generate_host_certificate(struct client_state *csp,
       log_error(LOG_LEVEL_CONNECT, "Creating new certificate %s",
          certificate_path);
    }
-   if (enforce_sane_certificate_state(certificate_path, rsa_key_path))
+   if (enforce_sane_certificate_state(certificate_path, key_path))
    {
       return -1;
    }
 
-   wc_InitRsaKey(&rsa_key, NULL);
-   wc_InitRsaKey(&ca_key, NULL);
-
-   if (generate_rsa_key(rsa_key_path) == -1)
+   if (csp->config->elliptic_curve_keys)
    {
-      return -1;
+      wc_ecc_init(&ecc_key);
+      if (generate_ecc_key(key_path) == -1)
+      {
+         return -1;
+      }
    }
+   else
+   {
+      wc_InitRsaKey(&rsa_key, NULL);
+      if (generate_rsa_key(key_path) == -1)
+      {
+         return -1;
+      }
+   }
+   wc_InitRsaKey(&ca_key, NULL);
 
    wc_InitCert(&certificate);
 
@@ -1862,22 +2056,35 @@ static int generate_host_certificate(struct client_state *csp,
       goto exit;
    }
 
-   if (load_rsa_key(rsa_key_path, NULL, &rsa_key) != 1)
+   if (csp->config->elliptic_curve_keys)
    {
-      log_error(LOG_LEVEL_ERROR,
-         "Failed to load RSA key %s", rsa_key_path);
-      ret = -1;
-      goto exit;
+      if (load_ecc_key(key_path, &ecc_key) != 1)
+      {
+         log_error(LOG_LEVEL_ERROR,
+            "Failed to load ECC key %s", key_path);
+         ret = -1;
+         goto exit;
+      }
+      der_certificate_length = wc_MakeCert(&certificate, certificate_der,
+         sizeof(certificate_der), NULL, &ecc_key, &wolfssl_rng);
+   }
+   else
+   {
+      if (load_rsa_key(key_path, NULL, &rsa_key) != 1)
+      {
+         log_error(LOG_LEVEL_ERROR,
+            "Failed to load RSA key %s", key_path);
+         ret = -1;
+         goto exit;
+      }
+      der_certificate_length = wc_MakeCert(&certificate, certificate_der,
+         sizeof(certificate_der), &rsa_key, NULL, &wolfssl_rng);
    }
-
-   /* wolfSSL_Debugging_ON(); */
-   der_certificate_length = wc_MakeCert(&certificate, certificate_der,
-      sizeof(certificate_der), &rsa_key, NULL, &wolfssl_rng);
-   /* wolfSSL_Debugging_OFF(); */
 
    if (der_certificate_length < 0)
    {
-      log_error(LOG_LEVEL_ERROR, "Failed to make certificate");
+      log_error(LOG_LEVEL_ERROR, "Failed to make certificate. "
+         "wc_MakeCert() return code: %d", der_certificate_length);
       ret = -1;
       goto exit;
    }
@@ -1922,7 +2129,14 @@ static int generate_host_certificate(struct client_state *csp,
    ret = 1;
 
 exit:
-   wc_FreeRsaKey(&rsa_key);
+   if (csp->config->elliptic_curve_keys)
+   {
+      wc_ecc_free(&ecc_key);
+   }
+   else
+   {
+      wc_FreeRsaKey(&rsa_key);
+   }
    wc_FreeRsaKey(&ca_key);
 
    return 1;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:31 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:31 +0100
Subject: [Privoxy-commits] [privoxy] 04/07: Document the elliptic-curve-keys
 directive
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115529.63FE758E3@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit b11594a22a54252839f1b77dcb5d336bd8a7d506
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Feb 8 16:30:33 2026 +0100

    Document the elliptic-curve-keys directive
---
 doc/source/p-config.sgml | 67 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index cca2fd32..6a725dbf 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -3,7 +3,7 @@
 
  Purpose     :  Used with other docs and files only.
 
- Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2026 Privoxy Developers https://www.privoxy.org/
  See LICENSE.
 
  ========================================================================
@@ -4273,6 +4273,71 @@ compression-level 0
 
 <!--   ~~~~~       New section      ~~~~~     -->
 
+<sect3 renderas="sect4" id="elliptic-curve-keys"><title>elliptic-curve-keys</title>
+<variablelist>
+ <varlistentry>
+  <term>Specifies:</term>
+  <listitem>
+   <para>
+    Whether or not &my-app; uses Elliptic-curve cryptography.
+   </para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>Type of value:</term>
+  <listitem>
+   <para>
+    1 or 0
+   </para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>Default value:</term>
+  <listitem>
+   <para>
+    1
+   </para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>Effect if unset:</term>
+  <listitem>
+   <para>
+    Website certificates with public elliptic curve keys are being used.
+   </para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>Notes:</term>
+  <listitem>
+   <para>
+    This directive specifies whether or not &my-app; should use Elliptic-curve cryptography
+    when generating website keys that are being used  when https inspection is enabled with the
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+    action.
+   </para>
+   <para>
+    When set to 0, &my-app; generates website certificates that use RSA keys.
+    This is expected to be slower but may be required for compatibility with very old clients.
+   </para>
+  </listitem>
+ </varlistentry>
+ <varlistentry>
+  <term>Example:</term>
+  <listitem>
+   <para>
+    elliptic-curve-keys 0
+   </para>
+  </listitem>
+ </varlistentry>
+</variablelist>
+<![%config-file;[<literallayout>@@elliptic-curve-keys 1</literallayout>]]>
+</sect3>
+
+<!--  ~  End section  ~  -->
+
+<!--   ~~~~~       New section      ~~~~~     -->
+
 <sect3 renderas="sect4" id="cipher-list"><title>cipher-list</title>
 <variablelist>
  <varlistentry>

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:32 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:32 +0100
Subject: [Privoxy-commits] [privoxy] 05/07: user-manual: Use &lt;
 instead of literal '<' to unbreak highlighting in emacs
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115529.B29BF58E4@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 6d92e7b5e1795e9ed6f8a5ab6a3663b6f62c55b9
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Feb 8 16:17:41 2026 +0100

    user-manual: Use &lt; instead of literal '<' to unbreak highlighting in emacs
---
 doc/source/user-manual.sgml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index a6aadfc6..5e69c074 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -7286,7 +7286,7 @@ webmail.example.com
  might end up with unintended variables if you use a variable name
  directly after the delimiter. Variables will be resolved without
  escaping anything, therefore you also have to be careful not to chose
- delimiters that appear in the replacement text. For example '<' should
+ delimiters that appear in the replacement text. For example '&lt;' should
  be save, while '?' will sooner or later cause conflicts with $url.
 </para>
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:34 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:34 +0100
Subject: [Privoxy-commits] [privoxy] 07/07: Renerate config file
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115530.3305C596F@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit e4d32cfa1f18664b34a6ff9b8780704366a89fa6
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sat Feb 14 13:33:01 2026 +0100

    Renerate config file
---
 config | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)

diff --git a/config b/config
index cea37352..116e86e3 100644
--- a/config
+++ b/config
@@ -1,4 +1,4 @@
-#        Sample Configuration File for Privoxy 4.1.0
+#        Sample Configuration File for Privoxy 4.2.0
 #
 # Copyright (C) 2001-2026 Privoxy Developers https://www.privoxy.org/
 #
@@ -2652,7 +2652,44 @@ socket-timeout 300
 #
 #certificate-directory /usr/local/var/privoxy/certs
 #
-#  7.6. cipher-list
+#  7.6. elliptic-curve-keys
+#  =========================
+#
+#  Specifies:
+#
+#      Whether or not Privoxy uses Elliptic-curve cryptography.
+#
+#  Type of value:
+#
+#      1 or 0
+#
+#  Default value:
+#
+#      1
+#
+#  Effect if unset:
+#
+#      Website certificates with public elliptic curve keys are being
+#      used.
+#
+#  Notes:
+#
+#      This directive specifies whether or not Privoxy should use
+#      Elliptic-curve cryptography when generating website keys that
+#      are being used when https inspection is enabled with the
+#      https-inspection action.
+#
+#      When set to 0, Privoxy generates website certificates that use
+#      RSA keys. This is expected to be slower but may be required
+#      for compatibility with very old clients.
+#
+#  Example:
+#
+#      elliptic-curve-keys 0
+#
+elliptic-curve-keys 1
+#
+#  7.7. cipher-list
 #  =================
 #
 #  Specifies:
@@ -2747,7 +2784,7 @@ socket-timeout 300
 #        cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
 #
 #
-#  7.7. trusted-cas-file
+#  7.8. trusted-cas-file
 #  ======================
 #
 #  Specifies:

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Mon Feb 23 12:55:33 2026
From: git at git.privoxy.org (User Git)
Date: Mon, 23 Feb 2026 12:55:33 +0100
Subject: [Privoxy-commits] [privoxy] 06/07: Regenerate docs
In-Reply-To: <177184772792.7223.7649921025081955765@privoxy-git>
References: <177184772792.7223.7649921025081955765@privoxy-git>
Message-ID: <20260223115530.02B9358E6@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 03d2eadf3db01e84836d2407812aa66a41cef497
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sat Feb 14 13:18:46 2026 +0100

    Regenerate docs
---
 INSTALL                                           |  4 +--
 README                                            | 21 +++++++----
 doc/webserver/developer-manual/documentation.html |  2 +-
 doc/webserver/developer-manual/index.html         |  2 +-
 doc/webserver/developer-manual/newrelease.html    | 14 ++++----
 doc/webserver/faq/index.html                      |  2 +-
 doc/webserver/index.html                          |  2 +-
 doc/webserver/privoxy-index.html                  |  2 +-
 doc/webserver/user-manual/actions-file.html       |  4 +--
 doc/webserver/user-manual/appendix.html           | 20 +++++------
 doc/webserver/user-manual/config.html             | 44 ++++++++++++++++++++---
 doc/webserver/user-manual/configuration.html      | 14 +++++---
 doc/webserver/user-manual/contact.html            |  4 +--
 doc/webserver/user-manual/copyright.html          |  9 +++--
 doc/webserver/user-manual/filter-file.html        |  6 ++--
 doc/webserver/user-manual/howto.html              |  4 +--
 doc/webserver/user-manual/index.html              |  9 ++---
 doc/webserver/user-manual/installation.html       |  8 ++---
 doc/webserver/user-manual/introduction.html       | 21 +++++++----
 doc/webserver/user-manual/quickstart.html         |  6 ++--
 doc/webserver/user-manual/seealso.html            |  4 +--
 doc/webserver/user-manual/startup.html            |  8 ++---
 doc/webserver/user-manual/templates.html          |  4 +--
 doc/webserver/user-manual/whatsnew.html           |  4 +--
 24 files changed, 136 insertions(+), 82 deletions(-)

diff --git a/INSTALL b/INSTALL
index cd16ffd8..c75f2b76 100644
--- a/INSTALL
+++ b/INSTALL
@@ -39,8 +39,8 @@ compiler like gcc are required.
 
 When building from a source tarball, first unpack the source:
 
-  tar xzvf privoxy-4.1.0-stable-src.tar.gz
-  cd privoxy-4.1.0-stable
+  tar xzvf privoxy-4.2.0-beta-src.tar.gz
+  cd privoxy-4.2.0-beta
 
 To build the development version, you can get the source code by doing:
 
diff --git a/README b/README
index 0e095d31..e6589428 100644
--- a/README
+++ b/README
@@ -32,8 +32,9 @@
  *
  *********************************************************************/
 
-This README is included with Privoxy 4.1.0. See https://www.privoxy.org/ for
-more information. The current code maturity level is "stable".
+This README is included with the development version of Privoxy 4.2.0. See
+https://www.privoxy.org/ for more information. The current code maturity level
+is "UNRELEASED", but seems stable to us :).
 
 -------------------------------------------------------------------------------
 
@@ -104,16 +105,22 @@ try it with FTP or other protocols for the simple reason it does not work.
 The actions list can be configured via the web interface accessed via http://
 p.p/, as well other options.
 
+All configuration files are subject to unannounced changes during the
+development process.
+
 -------------------------------------------------------------------------------
 
 5. DOCUMENTATION
 
-There should be documentation in the 'doc' subdirectory. In particular, see the
-User Manual there, the FAQ, and those interested in Privoxy development, should
-look at developer-manual.
+There should be documentation in the 'doc' subdirectory, but it may not be
+completed at this point. In particular, see the User Manual there, the FAQ, and
+those interested in Privoxy development, should look at developer-manual.
 
-The source and configuration files are all well commented. The main
-configuration files are: 'config', 'default.action', and 'default.filter'.
+The most up to date source of information on the current development version,
+may still be either comments in the source code, or the included configuration
+files. The source and configuration files are all well commented. The main
+configuration files are: 'config', 'default.action', and 'default.filter' in
+the top-level source directory.
 
 Included documentation may vary according to platform and packager. All
 documentation is posted on https://www.privoxy.org, in case you don't have it,
diff --git a/doc/webserver/developer-manual/documentation.html b/doc/webserver/developer-manual/documentation.html
index 254c187c..26fee921 100644
--- a/doc/webserver/developer-manual/documentation.html
+++ b/doc/webserver/developer-manual/documentation.html
@@ -236,7 +236,7 @@
             <tbody>
               <tr>
                 <td><span class="emphasis"><i class="EMPHASIS">p-version</i></span>: the <span class=
-                "APPLICATION">Privoxy</span> version string, e.g. <span class="QUOTE">"4.1.0"</span>.</td>
+                "APPLICATION">Privoxy</span> version string, e.g. <span class="QUOTE">"4.2.0"</span>.</td>
               </tr>
               <tr>
                 <td><span class="emphasis"><i class="EMPHASIS">p-status</i></span>: the project status, either
diff --git a/doc/webserver/developer-manual/index.html b/doc/webserver/developer-manual/index.html
index e55963c0..731211b3 100644
--- a/doc/webserver/developer-manual/index.html
+++ b/doc/webserver/developer-manual/index.html
@@ -22,7 +22,7 @@
           helpful!) reading for anyone who wants to join the team. Note that it's currently out of date and may not be
           entirely correct. As always, patches are welcome.</p>
           <p>Please note that this document is constantly evolving. This copy represents the state at the release of
-          version 4.1.0. You can find the latest version of the this manual at <a href=
+          version 4.2.0. You can find the latest version of the this manual at <a href=
           "https://www.privoxy.org/developer-manual/" target="_top">https://www.privoxy.org/developer-manual/</a>.
           Please have a look at the <a href="https://www.privoxy.org/user-manual/contact.html" target="_top">contact
           section in the user manual</a> if you are interested in contacting the developers.</p>
diff --git a/doc/webserver/developer-manual/newrelease.html b/doc/webserver/developer-manual/newrelease.html
index d2cefca1..bed5162f 100644
--- a/doc/webserver/developer-manual/newrelease.html
+++ b/doc/webserver/developer-manual/newrelease.html
@@ -463,7 +463,7 @@
         <table border="0" bgcolor="#E0E0E0" width="100%">
           <tr>
             <td>
-              <pre class="PROGRAMLISTING">  dch -v 4.1.0-1</pre>
+              <pre class="PROGRAMLISTING">  dch -v 4.2.0-1</pre>
             </td>
           </tr>
         </table>
@@ -480,7 +480,7 @@
         <table border="0" bgcolor="#E0E0E0" width="100%">
           <tr>
             <td>
-              <pre class="PROGRAMLISTING">  lintian -iI ../build-area/privoxy_4.1.0-1_amd64.changes</pre>
+              <pre class="PROGRAMLISTING">  lintian -iI ../build-area/privoxy_4.2.0-1_amd64.changes</pre>
             </td>
           </tr>
         </table>
@@ -489,7 +489,7 @@
           <tr>
             <td>
               <pre class=
-              "PROGRAMLISTING">  sudo cowbuilder --build --basepath /var/cache/pbuilder/base.cow ../build-area/privoxy_4.1.0-1.dsc</pre>
+              "PROGRAMLISTING">  sudo cowbuilder --build --basepath /var/cache/pbuilder/base.cow ../build-area/privoxy_4.2.0-1.dsc</pre>
             </td>
           </tr>
         </table>
@@ -498,19 +498,19 @@
           <tr>
             <td>
               <pre class=
-              "PROGRAMLISTING">  autopkgtest /var/cache/pbuilder/result/privoxy_4.1.0-1_amd64.changes -s -- schroot sid</pre>
+              "PROGRAMLISTING">  autopkgtest /var/cache/pbuilder/result/privoxy_4.2.0-1_amd64.changes -s -- schroot sid</pre>
             </td>
           </tr>
         </table>
         <p>Or just push the changes to salsa.debian.org, where a CI pipeline is defined for the package, that builds
         and tests it.</p>
         <p>If everything is okay, run cowbuilder with i386 and amd64 environments for current Debian stable release and
-        build privoxy_4.1.0-1_i386.deb and privoxy_4.1.0-1_amd64.deb. Then sign both files:</p>
+        build privoxy_4.2.0-1_i386.deb and privoxy_4.2.0-1_amd64.deb. Then sign both files:</p>
         <table border="0" bgcolor="#E0E0E0" width="100%">
           <tr>
             <td>
-              <pre class="PROGRAMLISTING">  gpg --detach-sign --armor privoxy_4.1.0-1_i386.deb
-  gpg --detach-sign --armor privoxy_4.1.0-1_amd64.deb</pre>
+              <pre class="PROGRAMLISTING">  gpg --detach-sign --armor privoxy_4.2.0-1_i386.deb
+  gpg --detach-sign --armor privoxy_4.2.0-1_amd64.deb</pre>
             </td>
           </tr>
         </table>
diff --git a/doc/webserver/faq/index.html b/doc/webserver/faq/index.html
index d56dc7dc..d512e870 100644
--- a/doc/webserver/faq/index.html
+++ b/doc/webserver/faq/index.html
@@ -38,7 +38,7 @@
             </li>
           </ul>
           <p>Please note that this document is a work in progress. This copy represents the state at the release of
-          version 4.1.0. You can find the latest version of the document at <a href="https://www.privoxy.org/faq/"
+          version 4.2.0. You can find the latest version of the document at <a href="https://www.privoxy.org/faq/"
           target="_top">https://www.privoxy.org/faq/</a>. Please see the <a href="contact.html">Contact section</a> if
           you want to contact the developers.</p>
         </div>
diff --git a/doc/webserver/index.html b/doc/webserver/index.html
index ea82d6ca..235f2026 100644
--- a/doc/webserver/index.html
+++ b/doc/webserver/index.html
@@ -32,7 +32,7 @@
               <p><a href="https://www.privoxy.org/donate" target="_top">https://www.privoxy.org/donate</a></p>
             </li>
           </ul>
-          <p>The most recent release is <a href="announce.txt" target="_top">4.1.0 (stable)</a>.</p>
+          <p>The most recent release is <a href="announce.txt" target="_top">4.2.0 (UNRELEASED)</a>.</p>
         </div>
       </div>
       <hr>
diff --git a/doc/webserver/privoxy-index.html b/doc/webserver/privoxy-index.html
index 5e5a7992..7b980372 100644
--- a/doc/webserver/privoxy-index.html
+++ b/doc/webserver/privoxy-index.html
@@ -12,7 +12,7 @@
   <div class="ARTICLE">
     <div class="TITLEPAGE">
       <h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy - The Privacy Enhancing Proxy</a></h1>
-      <h2 class="SUBTITLE">Project Index Page v4.1.0</h2>
+      <h2 class="SUBTITLE">Project Index Page v4.2.0</h2>
       <div>
         <div class="ABSTRACT">
           <a name="AEN5" id="AEN5"></a>
diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html
index 03a24963..ec050214 100644
--- a/doc/webserver/user-manual/actions-file.html
+++ b/doc/webserver/user-manual/actions-file.html
@@ -4,7 +4,7 @@
 <head>
   <title>Actions Files</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="The Main Configuration File" href="config.html">
   <link rel="NEXT" title="Filter Files" href="filter-file.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="config.html" accesskey="P">Prev</a></td>
diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html
index 3c8e41e9..03c2e133 100644
--- a/doc/webserver/user-manual/appendix.html
+++ b/doc/webserver/user-manual/appendix.html
@@ -4,7 +4,7 @@
 <head>
   <title>Appendix</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="See Also" href="seealso.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
@@ -14,7 +14,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="seealso.html" accesskey="P">Prev</a></td>
@@ -202,7 +202,7 @@
       these. If not, you will get a friendly error message. Internet access is not necessary either.</p>
       <ul>
         <li>
-          <p>Privoxy main page:</p><a name="AEN6595" id="AEN6595"></a>
+          <p>Privoxy main page:</p><a name="AEN6633" id="AEN6633"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a></p>
           </blockquote>
@@ -211,7 +211,7 @@
           "APPLICATION">Privoxy</span>)</p>
         </li>
         <li>
-          <p>View and toggle client tags:</p><a name="AEN6603" id="AEN6603"></a>
+          <p>View and toggle client tags:</p><a name="AEN6641" id="AEN6641"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/client-tags" target=
             "_top">http://config.privoxy.org/client-tags</a></p>
@@ -219,21 +219,21 @@
         </li>
         <li>
           <p>Show information about the current configuration, including viewing and editing of actions
-          files:</p><a name="AEN6608" id="AEN6608"></a>
+          files:</p><a name="AEN6646" id="AEN6646"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-status" target=
             "_top">http://config.privoxy.org/show-status</a></p>
           </blockquote>
         </li>
         <li>
-          <p>Show the browser's request headers:</p><a name="AEN6613" id="AEN6613"></a>
+          <p>Show the browser's request headers:</p><a name="AEN6651" id="AEN6651"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-request" target=
             "_top">http://config.privoxy.org/show-request</a></p>
           </blockquote>
         </li>
         <li>
-          <p>Show which actions apply to a URL and why:</p><a name="AEN6618" id="AEN6618"></a>
+          <p>Show which actions apply to a URL and why:</p><a name="AEN6656" id="AEN6656"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/show-url-info" target=
             "_top">http://config.privoxy.org/show-url-info</a></p>
@@ -242,15 +242,15 @@
         <li>
           <p>Toggle Privoxy on or off. This feature can be turned off/on in the main <tt class="FILENAME">config</tt>
           file. When toggled <span class="QUOTE">"off"</span>, <span class="QUOTE">"Privoxy"</span> continues to run,
-          but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6626" id="AEN6626"></a>
+          but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6664" id="AEN6664"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/toggle" target="_top">http://config.privoxy.org/toggle</a></p>
           </blockquote>
-          <p>Short cuts. Turn off, then on:</p><a name="AEN6630" id="AEN6630"></a>
+          <p>Short cuts. Turn off, then on:</p><a name="AEN6668" id="AEN6668"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/toggle?set=disable" target=
             "_top">http://config.privoxy.org/toggle?set=disable</a></p>
-          </blockquote><a name="AEN6633" id="AEN6633"></a>
+          </blockquote><a name="AEN6671" id="AEN6671"></a>
           <blockquote class="BLOCKQUOTE">
             <p><a href="http://config.privoxy.org/toggle?set=enable" target=
             "_top">http://config.privoxy.org/toggle?set=enable</a></p>
diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html
index fe9674e6..8c38e13c 100644
--- a/doc/webserver/user-manual/config.html
+++ b/doc/webserver/user-manual/config.html
@@ -4,7 +4,7 @@
 <head>
   <title>The Main Configuration File</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Privoxy Configuration" href="configuration.html">
   <link rel="NEXT" title="Actions Files" href="actions-file.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="configuration.html" accesskey="P">Prev</a></td>
@@ -2607,7 +2607,43 @@
         </div>
       </div>
       <div class="SECT3">
-        <h4 class="SECT3"><a name="CIPHER-LIST" id="CIPHER-LIST">7.7.6. cipher-list</a></h4>
+        <h4 class="SECT3"><a name="ELLIPTIC-CURVE-KEYS" id="ELLIPTIC-CURVE-KEYS">7.7.6. elliptic-curve-keys</a></h4>
+        <div class="VARIABLELIST">
+          <dl>
+            <dt>Specifies:</dt>
+            <dd>
+              <p>Whether or not <span class="APPLICATION">Privoxy</span> uses Elliptic-curve cryptography.</p>
+            </dd>
+            <dt>Type of value:</dt>
+            <dd>
+              <p>1 or 0</p>
+            </dd>
+            <dt>Default value:</dt>
+            <dd>
+              <p>1</p>
+            </dd>
+            <dt>Effect if unset:</dt>
+            <dd>
+              <p>Website certificates with public elliptic curve keys are being used.</p>
+            </dd>
+            <dt>Notes:</dt>
+            <dd>
+              <p>This directive specifies whether or not <span class="APPLICATION">Privoxy</span> should use
+              Elliptic-curve cryptography when generating website keys that are being used when https inspection is
+              enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION" target=
+              "_top">https-inspection</a></tt> action.</p>
+              <p>When set to 0, <span class="APPLICATION">Privoxy</span> generates website certificates that use RSA
+              keys. This is expected to be slower but may be required for compatibility with very old clients.</p>
+            </dd>
+            <dt>Example:</dt>
+            <dd>
+              <p>elliptic-curve-keys 0</p>
+            </dd>
+          </dl>
+        </div>
+      </div>
+      <div class="SECT3">
+        <h4 class="SECT3"><a name="CIPHER-LIST" id="CIPHER-LIST">7.7.7. cipher-list</a></h4>
         <div class="VARIABLELIST">
           <dl>
             <dt>Specifies:</dt>
@@ -2726,7 +2762,7 @@
         </div>
       </div>
       <div class="SECT3">
-        <h4 class="SECT3"><a name="TRUSTED-CAS-FILE" id="TRUSTED-CAS-FILE">7.7.7. trusted-cas-file</a></h4>
+        <h4 class="SECT3"><a name="TRUSTED-CAS-FILE" id="TRUSTED-CAS-FILE">7.7.8. trusted-cas-file</a></h4>
         <div class="VARIABLELIST">
           <dl>
             <dt>Specifies:</dt>
diff --git a/doc/webserver/user-manual/configuration.html b/doc/webserver/user-manual/configuration.html
index 911d58e5..d0500e6c 100644
--- a/doc/webserver/user-manual/configuration.html
+++ b/doc/webserver/user-manual/configuration.html
@@ -4,7 +4,7 @@
 <head>
   <title>Privoxy Configuration</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Starting Privoxy" href="startup.html">
   <link rel="NEXT" title="The Main Configuration File" href="config.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="startup.html" accesskey="P">Prev</a></td>
@@ -40,7 +40,7 @@
         <tr>
           <td>
             <pre class="SCREEN">   </pre>
-            <h2 class="BRIDGEHEAD"><a name="AEN912"></a>&nbsp;&nbsp;&nbsp;&nbsp;Privoxy Menu</h2>
+            <h2 class="BRIDGEHEAD"><a name="AEN915"></a>&nbsp;&nbsp;&nbsp;&nbsp;Privoxy Menu</h2>
             <pre><br></pre>
             <table border="0">
               <tbody>
@@ -69,7 +69,7 @@
                 </tr>
                 <tr>
                   <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&squf;&nbsp;&nbsp;<a href=
-                  "https://www.privoxy.org/4.1.0/user-manual/" target="_top">Documentation</a></td>
+                  "https://www.privoxy.org/4.2.0/user-manual/" target="_top">Documentation</a></td>
                 </tr>
               </tbody>
             </table>
@@ -94,7 +94,8 @@
       <h2 class="SECT2"><a name="CONFOVERVIEW">6.2. Configuration Files Overview</a></h2>
       <p>For Unix, *BSD and GNU/Linux, all configuration files are located in <tt class="FILENAME">/etc/privoxy/</tt>
       by default. For MS Windows these are all in the same directory as the <span class="APPLICATION">Privoxy</span>
-      executable.</p>
+      executable. The name and number of configuration files has changed from previous versions, and is subject to
+      change as development progresses.</p>
       <p>The installed defaults provide a reasonable starting point, though some settings may be aggressive by some
       standards. For the time being, the principle configuration files are:</p>
       <ul>
@@ -145,6 +146,9 @@
       listening address of <span class="APPLICATION">Privoxy</span>, these <span class="QUOTE">"wake up"</span>
       requests must obviously be sent to the <span class="emphasis"><i class="EMPHASIS">old</i></span> listening
       address.</p>
+      <p>While under development, the configuration content is subject to change. The below documentation may not be
+      accurate by the time you read this. Also, what constitutes a <span class="QUOTE">"default"</span> setting, may
+      change, so please check all your configuration files on important issues.</p>
     </div>
   </div>
   <div class="NAVFOOTER">
diff --git a/doc/webserver/user-manual/contact.html b/doc/webserver/user-manual/contact.html
index 21f4347e..89eb6e7e 100644
--- a/doc/webserver/user-manual/contact.html
+++ b/doc/webserver/user-manual/contact.html
@@ -4,7 +4,7 @@
 <head>
   <title>Contacting the Developers, Bug Reporting and Feature Requests</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="HOWTOs" href="howto.html">
   <link rel="NEXT" title="Privoxy Copyright, License and History" href="copyright.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="howto.html" accesskey="P">Prev</a></td>
diff --git a/doc/webserver/user-manual/copyright.html b/doc/webserver/user-manual/copyright.html
index c875de6d..641c7c6d 100644
--- a/doc/webserver/user-manual/copyright.html
+++ b/doc/webserver/user-manual/copyright.html
@@ -4,7 +4,7 @@
 <head>
   <title>Privoxy Copyright, License and History</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Contacting the Developers, Bug Reporting and Feature Requests" href="contact.html">
   <link rel="NEXT" title="See Also" href="seealso.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="contact.html" accesskey="P">Prev</a></td>
@@ -1085,9 +1085,8 @@ Public License instead of this License.  But first, please read
         "_top">brotli</a>.</p>
         <p>When compiled with FEATURE_HTTPS_INSPECTION (optional), Privoxy depends on a TLS library. The supported
         libraries are <a href="https://www.libressl.org/" target="_top">LibreSSL</a>, <a href=
-        "https://github.com/Mbed-TLS/mbedtls/tags" target="_top">mbed TLS 2.28.x</a> and <a href=
-        "https://www.openssl.org/" target="_top">OpenSSL</a> and <a href="https://www.wolfssl.com/" target=
-        "_top">wolfSSL</a>.</p>
+        "https://github.com/Mbed-TLS/mbedtls/" target="_top">mbed TLS</a>, <a href="https://www.openssl.org/" target=
+        "_top">OpenSSL</a> and <a href="https://www.wolfssl.com/" target="_top">wolfSSL</a>.</p>
         <p>When compiled with FEATURE_ZLIB (optional), Privoxy depends on <a href="https://zlib.net/" target=
         "_top">zlib</a>.</p>
         <p>When compiled with FEATURE_ZSTD (optional), Privoxy depends on <a href="https://facebook.github.io/zstd/"
diff --git a/doc/webserver/user-manual/filter-file.html b/doc/webserver/user-manual/filter-file.html
index 36061080..33953ad0 100644
--- a/doc/webserver/user-manual/filter-file.html
+++ b/doc/webserver/user-manual/filter-file.html
@@ -4,7 +4,7 @@
 <head>
   <title>Filter Files</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Actions Files" href="actions-file.html">
   <link rel="NEXT" title="Privoxy's Template Files" href="templates.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="actions-file.html" accesskey="P">Prev</a></td>
@@ -95,7 +95,7 @@
     <p>Note that '$' is a bad choice for a delimiter in a dynamic filter as you might end up with unintended variables
     if you use a variable name directly after the delimiter. Variables will be resolved without escaping anything,
     therefore you also have to be careful not to chose delimiters that appear in the replacement text. For example
-    '&#60;' should be save, while '?' will sooner or later cause conflicts with $url.</p>
+    '&lt;' should be save, while '?' will sooner or later cause conflicts with $url.</p>
     <p>The non-standard option letter <tt class="LITERAL">T</tt> (trivial) prevents parsing for backreferences in the
     substitute. Use it if you want to include text like '$&#38;' in your substitute without quoting.</p>
     <p>If you are new to <a href="https://en.wikipedia.org/wiki/Regular_expressions" target="_top"><span class=
diff --git a/doc/webserver/user-manual/howto.html b/doc/webserver/user-manual/howto.html
index 79a43ce8..0f4ad77c 100644
--- a/doc/webserver/user-manual/howto.html
+++ b/doc/webserver/user-manual/howto.html
@@ -4,7 +4,7 @@
 <head>
   <title>HOWTOs</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Privoxy's Template Files" href="templates.html">
   <link rel="NEXT" title="Contacting the Developers, Bug Reporting and Feature Requests" href="contact.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="templates.html" accesskey="P">Prev</a></td>
diff --git a/doc/webserver/user-manual/index.html b/doc/webserver/user-manual/index.html
index 5d0d88bd..b160a849 100644
--- a/doc/webserver/user-manual/index.html
+++ b/doc/webserver/user-manual/index.html
@@ -2,7 +2,7 @@
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
-  <title>Privoxy 4.1.0 User Manual</title>
+  <title>Privoxy 4.2.0 User Manual</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
   <link rel="NEXT" title="Introduction" href="introduction.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -12,7 +12,7 @@
 <body class="ARTICLE" bgcolor="#EEEEEE" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
   <div class="ARTICLE">
     <div class="TITLEPAGE">
-      <h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy 4.1.0 User Manual</a></h1>
+      <h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy 4.2.0 User Manual</a></h1>
       <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> &copy; 2001-2026 by <a href=
       "https://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p>
       <div>
@@ -201,8 +201,9 @@
                 <dt>7.7.3. <a href="config.html#CA-KEY-FILE">ca-key-file</a></dt>
                 <dt>7.7.4. <a href="config.html#CA-PASSWORD">ca-password</a></dt>
                 <dt>7.7.5. <a href="config.html#CERTIFICATE-DIRECTORY">certificate-directory</a></dt>
-                <dt>7.7.6. <a href="config.html#CIPHER-LIST">cipher-list</a></dt>
-                <dt>7.7.7. <a href="config.html#TRUSTED-CAS-FILE">trusted-cas-file</a></dt>
+                <dt>7.7.6. <a href="config.html#ELLIPTIC-CURVE-KEYS">elliptic-curve-keys</a></dt>
+                <dt>7.7.7. <a href="config.html#CIPHER-LIST">cipher-list</a></dt>
+                <dt>7.7.8. <a href="config.html#TRUSTED-CAS-FILE">trusted-cas-file</a></dt>
               </dl>
             </dd>
             <dt>7.8. <a href="config.html#WINDOWS-GUI">Windows GUI Options</a></dt>
diff --git a/doc/webserver/user-manual/installation.html b/doc/webserver/user-manual/installation.html
index 43c01ff8..bff95416 100644
--- a/doc/webserver/user-manual/installation.html
+++ b/doc/webserver/user-manual/installation.html
@@ -4,7 +4,7 @@
 <head>
   <title>Installation</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Introduction" href="introduction.html">
   <link rel="NEXT" title="What's New in this Release" href="whatsnew.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="introduction.html" accesskey="P">Prev</a></td>
@@ -131,8 +131,8 @@
       <table border="0" bgcolor="#E0E0E0" width="100%">
         <tr>
           <td>
-            <pre class="SCREEN">  tar xzvf privoxy-4.1.0-stable-src.tar.gz
-  cd privoxy-4.1.0-stable</pre>
+            <pre class="SCREEN">  tar xzvf privoxy-4.2.0-beta-src.tar.gz
+  cd privoxy-4.2.0-beta</pre>
           </td>
         </tr>
       </table>
diff --git a/doc/webserver/user-manual/introduction.html b/doc/webserver/user-manual/introduction.html
index 59d76292..9e22d4b4 100644
--- a/doc/webserver/user-manual/introduction.html
+++ b/doc/webserver/user-manual/introduction.html
@@ -4,8 +4,8 @@
 <head>
   <title>Introduction</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
-  <link rel="PREVIOUS" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
+  <link rel="PREVIOUS" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="NEXT" title="Installation" href="installation.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="index.html" accesskey="P">Prev</a></td>
@@ -27,13 +27,20 @@
   </div>
   <div class="SECT1">
     <h1 class="SECT1"><a name="INTRODUCTION" id="INTRODUCTION">1. Introduction</a></h1>
-    <p>This documentation is included with the current stable version of <span class="APPLICATION">Privoxy</span>,
-    4.1.0.</p>
+    <p>This documentation is included with the current UNRELEASED version of <span class="APPLICATION">Privoxy</span>,
+    4.2.0, and is mostly complete at this point. The most up to date reference for the time being is still the comments
+    in the source files and in the individual configuration files. Development of a new version is currently nearing
+    completion, and includes significant changes and enhancements over earlier versions.</p>
+    <p>Since this is a UNRELEASED version, not all new features are well tested. This documentation may be slightly out
+    of sync as a result (especially with <a href="https://www.privoxy.org/gitweb/?p=privoxy.git;a=summary" target=
+    "_top">git sources</a>). And there <span class="emphasis"><i class="EMPHASIS">may be</i></span> bugs, though
+    hopefully not many!</p>
     <div class="SECT2">
       <h2 class="SECT2"><a name="FEATURES" id="FEATURES">1.1. Features</a></h2>
       <p>In addition to the core features of ad blocking and <a href="https://en.wikipedia.org/wiki/Browser_cookie"
       target="_top">cookie</a> management, <span class="APPLICATION">Privoxy</span> provides many supplemental
-      features, that give the end-user more control, more privacy and more freedom:</p>
+      features, some of them currently under development, that give the end-user more control, more privacy and more
+      freedom:</p>
       <ul>
         <li>
           <p>Supports "Connection: keep-alive". Outgoing connections can be kept alive independently from the
@@ -104,7 +111,7 @@
         <td width="33%" align="right" valign="top"><a href="installation.html" accesskey="N">Next</a></td>
       </tr>
       <tr>
-        <td width="33%" align="left" valign="top">Privoxy 4.1.0 User Manual</td>
+        <td width="33%" align="left" valign="top">Privoxy 4.2.0 User Manual</td>
         <td width="34%" align="center" valign="top">&nbsp;</td>
         <td width="33%" align="right" valign="top">Installation</td>
       </tr>
diff --git a/doc/webserver/user-manual/quickstart.html b/doc/webserver/user-manual/quickstart.html
index ff89b924..b33508af 100644
--- a/doc/webserver/user-manual/quickstart.html
+++ b/doc/webserver/user-manual/quickstart.html
@@ -4,7 +4,7 @@
 <head>
   <title>Quickstart to Using Privoxy</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="What's New in this Release" href="whatsnew.html">
   <link rel="NEXT" title="Starting Privoxy" href="startup.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="whatsnew.html" accesskey="P">Prev</a></td>
@@ -219,7 +219,7 @@
           <p>Find <tt class="FILENAME">user.action</tt> in the top section, and click on <span class=
           "QUOTE">"<span class="GUIBUTTON">Edit</span>"</span>:</p>
           <div class="FIGURE">
-            <a name="AEN679" id="AEN679"></a>
+            <a name="AEN682" id="AEN682"></a>
             <p><b>Figure 1. Actions Files in Use</b></p>
             <div class="MEDIAOBJECT">
               <p><img src="files-in-use.jpg"></p>
diff --git a/doc/webserver/user-manual/seealso.html b/doc/webserver/user-manual/seealso.html
index a0647667..9461f564 100644
--- a/doc/webserver/user-manual/seealso.html
+++ b/doc/webserver/user-manual/seealso.html
@@ -4,7 +4,7 @@
 <head>
   <title>See Also</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Privoxy Copyright, License and History" href="copyright.html">
   <link rel="NEXT" title="Appendix" href="appendix.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="copyright.html" accesskey="P">Prev</a></td>
diff --git a/doc/webserver/user-manual/startup.html b/doc/webserver/user-manual/startup.html
index ea4b2e2c..96006b3c 100644
--- a/doc/webserver/user-manual/startup.html
+++ b/doc/webserver/user-manual/startup.html
@@ -4,7 +4,7 @@
 <head>
   <title>Starting Privoxy</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Quickstart to Using Privoxy" href="quickstart.html">
   <link rel="NEXT" title="Privoxy Configuration" href="configuration.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="quickstart.html" accesskey="P">Prev</a></td>
@@ -35,7 +35,7 @@
     <p>Please note that <span class="APPLICATION">Privoxy</span> can only proxy HTTP and HTTPS traffic. It will not
     work with FTP or other protocols.</p>
     <div class="FIGURE">
-      <a name="AEN733" id="AEN733"></a>
+      <a name="AEN736" id="AEN736"></a>
       <p><b>Figure 2. Proxy Configuration Showing Mozilla Firefox HTTP and HTTPS (SSL) Settings</b></p>
       <div class="MEDIAOBJECT">
         <p><img src="proxy_setup.jpg"></p>
@@ -66,7 +66,7 @@
     protocols"</span> is <span class="emphasis"><i class="EMPHASIS">UNCHECKED</i></span>. You want only HTTP and HTTPS
     (SSL)!</p>
     <div class="FIGURE">
-      <a name="AEN775" id="AEN775"></a>
+      <a name="AEN778" id="AEN778"></a>
       <p><b>Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS (Secure) Settings</b></p>
       <div class="MEDIAOBJECT">
         <p><img src="proxy2.jpg"></p>
diff --git a/doc/webserver/user-manual/templates.html b/doc/webserver/user-manual/templates.html
index 2ff272ce..cd7c8a1a 100644
--- a/doc/webserver/user-manual/templates.html
+++ b/doc/webserver/user-manual/templates.html
@@ -4,7 +4,7 @@
 <head>
   <title>Privoxy's Template Files</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Filter Files" href="filter-file.html">
   <link rel="NEXT" title="HOWTOs" href="howto.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="filter-file.html" accesskey="P">Prev</a></td>
diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html
index 141a6eaf..3806a140 100644
--- a/doc/webserver/user-manual/whatsnew.html
+++ b/doc/webserver/user-manual/whatsnew.html
@@ -4,7 +4,7 @@
 <head>
   <title>What's New in this Release</title>
   <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
-  <link rel="HOME" title="Privoxy 4.1.0 User Manual" href="index.html">
+  <link rel="HOME" title="Privoxy 4.2.0 User Manual" href="index.html">
   <link rel="PREVIOUS" title="Installation" href="installation.html">
   <link rel="NEXT" title="Quickstart to Using Privoxy" href="quickstart.html">
   <link rel="STYLESHEET" type="text/css" href="../p_doc.css">
@@ -15,7 +15,7 @@
   <div class="NAVHEADER">
     <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
-        <th colspan="3" align="center">Privoxy 4.1.0 User Manual</th>
+        <th colspan="3" align="center">Privoxy 4.2.0 User Manual</th>
       </tr>
       <tr>
         <td width="10%" align="left" valign="bottom"><a href="installation.html" accesskey="P">Prev</a></td>

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:24:01 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:24:01 +0100
Subject: [Privoxy-commits] [privoxy] 03/06: privoxy-log-parser: Highlight
 listen address in 'Enlisting tag 'allow-cookies' for client 127.0.0.1 using
 127.0.1.1:8120.'
In-Reply-To: <177203303893.8984.4408556348968942315@privoxy-git>
References: <177203303893.8984.4408556348968942315@privoxy-git>
Message-ID: <20260225152400.597E25976@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 1739e9d1c7d4c0171c9725d43fd7020c4f1207d1
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Dec 7 21:58:03 2025 +0100

    privoxy-log-parser: Highlight listen address in 'Enlisting tag 'allow-cookies' for client 127.0.0.1 using 127.0.1.1:8120.'
---
 tools/privoxy-log-parser.pl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tools/privoxy-log-parser.pl b/tools/privoxy-log-parser.pl
index d45c4932..c7f61324 100755
--- a/tools/privoxy-log-parser.pl
+++ b/tools/privoxy-log-parser.pl
@@ -188,6 +188,7 @@ sub prepare_our_stuff() {
         'HOST'               => HEADER_DEFAULT_COLOUR,
         'tls-version'        => 'pink',
         'cipher-suite'       => 'light_cyan',
+        'listen-address'     => 'light_cyan',
     );
 
     %h_colours = %h;
@@ -1273,10 +1274,14 @@ sub handle_loglevel_tagging($) {
 
     } elsif ($c =~ /^Enlisting tag/) {
 
+        # >= 4.2.0:
+        # Enlisting tag 'allow-cookies' for client 127.0.0.1 using 127.0.1.1:8120.
+        # < 4.2.0:
         # Enlisting tag 'forward-directly' for client 127.0.0.1.
 
         $c =~ s@(?<=tag \')([^\']*)@$h{'tag'}$1$h{'Standard'}@;
-        $c = highlight_matched_host($c, '[^\s]+(?=\.$)');
+        $c = highlight_matched_host($c, '(?<=for client )[^\s]+');
+        $c =~ s@(?<=using )(.*)(?=\.$)@$h{'listen-address'}$1$h{'Standard'}@;
 
     } elsif ($c =~ /^Tag/) {
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:23:58 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:23:58 +0100
Subject: [Privoxy-commits] [privoxy] branch master updated (e4d32cfa ->
 07a4273b)
Message-ID: <177203303893.8984.4408556348968942315@privoxy-git>

This is an automated email from the git hooks/post-receive script.

git pushed a change to branch master
in repository privoxy.

    from e4d32cfa Renerate config file
     new 447bf260 Check the listening address when deciding whether or not a client tag matches
     new c1afa4c0 wolfssl: Downgrade an error message in create_server_ssl_connection()
     new 1739e9d1 privoxy-log-parser: Highlight listen address in 'Enlisting tag 'allow-cookies' for client 127.0.0.1 using 127.0.1.1:8120.'
     new 6eb2db2f Privoxy-Log-Parser: Bump version to 0.9.8
     new 5581486a GNUMakefile.in: Remove duplicated 'only' in the web-rss-feed target's message
     new 07a4273b Unblock gitlab./search/count\?

The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 GNUmakefile.in              |  2 +-
 cgisimple.c                 |  5 +--
 client-tags.c               | 75 ++++++++++++++++++++++++++++++---------------
 client-tags.h               |  7 +++--
 default.action.master       |  2 ++
 jbsockets.c                 |  3 +-
 jcc.c                       |  6 ++--
 templates/client-tags       |  4 +--
 tools/privoxy-log-parser.pl |  9 ++++--
 wolfssl.c                   |  2 +-
 10 files changed, 77 insertions(+), 38 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:23:59 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:23:59 +0100
Subject: [Privoxy-commits] [privoxy] 01/06: Check the listening address when
 deciding whether or not a client tag matches
In-Reply-To: <177203303893.8984.4408556348968942315@privoxy-git>
References: <177203303893.8984.4408556348968942315@privoxy-git>
Message-ID: <20260225152359.A036158EE@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 447bf260fb67772f01d907e2fb1efea4aff647ea
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sat Dec 6 08:38:24 2025 +0100

    Check the listening address when deciding whether or not a client tag matches
    
    This allows to use different client tags for different clients running
    on the same host.
---
 cgisimple.c           |  5 ++--
 client-tags.c         | 75 ++++++++++++++++++++++++++++++++++-----------------
 client-tags.h         |  7 +++--
 jbsockets.c           |  3 ++-
 jcc.c                 |  6 +++--
 templates/client-tags |  4 +--
 6 files changed, 66 insertions(+), 34 deletions(-)

diff --git a/cgisimple.c b/cgisimple.c
index 58e5ae6b..a6a8fada 100644
--- a/cgisimple.c
+++ b/cgisimple.c
@@ -374,7 +374,8 @@ jb_err cgi_show_client_tags(struct client_state *csp,
          int tag_state;
 
          privoxy_mutex_lock(&client_tags_mutex);
-         tag_state = client_has_requested_tag(csp->client_address, this_tag->name);
+         tag_state = client_has_requested_tag(csp->client_address,
+            csp->listen_addr_str, this_tag->name);
          privoxy_mutex_unlock(&client_tags_mutex);
          if (!err) err = string_append(&client_tag_status, "<tr><td>");
          if (!err) err = string_append(&client_tag_status, this_tag->name);
@@ -404,7 +405,7 @@ jb_err cgi_show_client_tags(struct client_state *csp,
          return JB_ERR_MEMORY;
       }
    }
-   refresh_delay = get_next_tag_timeout_for_client(csp->client_address);
+   refresh_delay = get_next_tag_timeout_for_client(csp->client_address, csp->listen_addr_str);
    if (refresh_delay != 0)
    {
       snprintf(buf, sizeof(buf), "%u", csp->config->client_tag_lifetime);
diff --git a/client-tags.c b/client-tags.c
index d8cbb350..cc90250a 100644
--- a/client-tags.c
+++ b/client-tags.c
@@ -4,7 +4,7 @@
  *
  * Purpose     :  Functions related to client-specific tags.
  *
- * Copyright   :  Copyright (C) 2016-2017 Fabian Keil <fk at fabiankeil.de>
+ * Copyright   :  Copyright (C) 2016-2025 Fabian Keil <fk at fabiankeil.de>
  *
  *                This program is free software; you can redistribute it
  *                and/or modify it under the terms of the GNU General
@@ -61,6 +61,7 @@ struct client_specific_tag
 struct requested_tags
 {
    char *client; /**< The IP address of the client that requested the tag */
+   char *listen_address; /**< The listen address the client uses */
 
    /**< List of tags the client requested .... */
    struct client_specific_tag *tags;
@@ -70,7 +71,8 @@ struct requested_tags
 };
 
 struct requested_tags *requested_tags;
-static void remove_tag_for_client(const char *client_address, const char *tag);
+static void remove_tag_for_client(const char *client_address,
+   const char *listen_address, const char *tag);
 
 /*********************************************************************
  *
@@ -185,11 +187,13 @@ static struct client_tag_spec *get_client_specific_tag(
  *
  * Parameters  :
  *          1  :  client_address = Address of the client
+ *          2  :  listen_address = Address the request arrived on.
  *
  * Returns     :  Pointer to tag structure or NULL on error.
  *
  *********************************************************************/
-static struct client_specific_tag *get_tags_for_client(const char *client_address)
+static struct client_specific_tag *get_tags_for_client(const char *client_address,
+                                                       const char *listen_address)
 {
    struct requested_tags *requested_tag;
 
@@ -198,7 +202,10 @@ static struct client_specific_tag *get_tags_for_client(const char *client_addres
    {
       if (!strcmp(requested_tag->client, client_address))
       {
-         return requested_tag->tags;
+         if (!strcmp(requested_tag->listen_address, listen_address))
+         {
+            return requested_tag->tags;
+         }
       }
    }
 
@@ -216,19 +223,21 @@ static struct client_specific_tag *get_tags_for_client(const char *client_addres
  * Parameters  :
  *          1  :  tag_list = The list to fill in.
  *          2  :  client_address = Address of the client
+ *          3  :  listen_address = The address the request arrived on.
  *
  * Returns     :  Pointer to tag list.
  *
  *********************************************************************/
 void get_tag_list_for_client(struct list *tag_list,
-                             const char *client_address)
+                             const char *client_address,
+                             const char *listen_address)
 {
    struct client_specific_tag *enabled_tags;
    const time_t now = time(NULL);
 
    privoxy_mutex_lock(&client_tags_mutex);
 
-   enabled_tags = get_tags_for_client(client_address);
+   enabled_tags = get_tags_for_client(client_address, listen_address);
    while (enabled_tags != NULL)
    {
       if (enabled_tags->end_of_life && (enabled_tags->end_of_life < now))
@@ -238,14 +247,14 @@ void get_tag_list_for_client(struct list *tag_list,
             "Tag '%s' for client %s expired %ld seconds ago. Deleting it.",
             enabled_tags->name, client_address,
             (now - enabled_tags->end_of_life));
-         remove_tag_for_client(client_address, enabled_tags->name);
+         remove_tag_for_client(client_address, listen_address, enabled_tags->name);
          enabled_tags = next_tag;
          continue;
       }
       else
       {
-         log_error(LOG_LEVEL_TAGGING, "Enlisting tag '%s' for client %s.",
-            enabled_tags->name, client_address);
+         log_error(LOG_LEVEL_TAGGING, "Enlisting tag '%s' for client %s using %s.",
+            enabled_tags->name, client_address, listen_address);
          enlist(tag_list, enabled_tags->name);
       }
       enabled_tags = enabled_tags->next;
@@ -264,11 +273,13 @@ void get_tag_list_for_client(struct list *tag_list,
  *
  * Parameters  :
  *          1  :  client_address = Address of the client
+ *          2  :  listen_address = Address the request arrived on.
  *
  * Returns     :  Lowest timeout in seconds
  *
  *********************************************************************/
-time_t get_next_tag_timeout_for_client(const char *client_address)
+time_t get_next_tag_timeout_for_client(const char *client_address,
+                             const char *listen_address)
 {
    struct client_specific_tag *enabled_tags;
    time_t next_timeout = 0;
@@ -276,12 +287,13 @@ time_t get_next_tag_timeout_for_client(const char *client_address)
 
    privoxy_mutex_lock(&client_tags_mutex);
 
-   enabled_tags = get_tags_for_client(client_address);
+   enabled_tags = get_tags_for_client(client_address, listen_address);
    while (enabled_tags != NULL)
    {
       log_error(LOG_LEVEL_TAGGING,
-         "Evaluating tag '%s' for client %s. End of life %ld.",
-         enabled_tags->name, client_address, enabled_tags->end_of_life);
+         "Evaluating tag '%s' for client %s using %s. End of life %ld.",
+         enabled_tags->name, client_address, listen_address,
+         enabled_tags->end_of_life);
       if (enabled_tags->end_of_life)
       {
           time_t time_left = enabled_tags->end_of_life - now;
@@ -341,14 +353,16 @@ static struct client_specific_tag *create_client_specific_tag(const char *name,
  *
  * Parameters  :
  *          1  :  client_address = Address of the client
- *          2  :  tag = The tag to add.
- *          3  :  time_to_live = 0, or the number of seconds
+ *          2  :  listen_address = Address used by the client.
+ *          3  :  tag = The tag to add.
+ *          4  :  time_to_live = 0, or the number of seconds
  *                               the tag remains activated.
  *
  * Returns     :  void
  *
  *********************************************************************/
 static void add_tag_for_client(const char *client_address,
+   const char *listen_address,
    const char *tag, const time_t time_to_live)
 {
    struct requested_tags *clients_with_tags;
@@ -361,6 +375,7 @@ static void add_tag_for_client(const char *client_address,
       /* XXX: Code duplication. */
       requested_tags = zalloc_or_die(sizeof(struct requested_tags));
       requested_tags->client = strdup_or_die(client_address);
+      requested_tags->listen_address = strdup_or_die(listen_address);
       requested_tags->tags = create_client_specific_tag(tag, time_to_live);
 
       validate_requested_tags();
@@ -384,6 +399,7 @@ static void add_tag_for_client(const char *client_address,
          clients_with_tags->next->prev = clients_with_tags;
          clients_with_tags = clients_with_tags->next;
          clients_with_tags->client = strdup_or_die(client_address);
+         clients_with_tags->listen_address = strdup_or_die(listen_address);
          clients_with_tags->tags = create_client_specific_tag(tag, time_to_live);
 
          validate_requested_tags();
@@ -416,12 +432,14 @@ static void add_tag_for_client(const char *client_address,
  *
  * Parameters  :
  *          1  :  client_address = Address of the client
- *          2  :  tag = The tag to remove.
+ *          2  :  listen_address = Address used by the client
+ *          3  :  tag = The tag to remove.
  *
  * Returns     :  void
  *
  *********************************************************************/
-static void remove_tag_for_client(const char *client_address, const char *tag)
+static void remove_tag_for_client(const char *client_address,
+                                  const char *listen_address, const char *tag)
 {
    struct requested_tags *clients_with_tags;
    struct client_specific_tag *enabled_tags;
@@ -431,7 +449,8 @@ static void remove_tag_for_client(const char *client_address, const char *tag)
    clients_with_tags = requested_tags;
    while (clients_with_tags != NULL && clients_with_tags->client != NULL)
    {
-      if (!strcmp(clients_with_tags->client, client_address))
+      if (!strcmp(clients_with_tags->client, client_address) &&
+          !strcmp(clients_with_tags->listen_address, listen_address))
       {
          break;
       }
@@ -486,6 +505,7 @@ static void remove_tag_for_client(const char *client_address, const char *tag)
                requested_tags = NULL;
             }
             freez(clients_with_tags->client);
+            freez(clients_with_tags->listen_address);
             freez(clients_with_tags);
          }
          freez(enabled_tags->name);
@@ -510,16 +530,19 @@ static void remove_tag_for_client(const char *client_address, const char *tag)
  *
  * Parameters  :
  *          1  :  client_address = Address of the client
- *          2  :  tag = Tag to check.
+ *          2  :  listen_address = Address the request arrived on.
+ *          4  :  tag = Tag to check.
  *
  * Returns     :  TRUE or FALSE.
  *
  *********************************************************************/
-int client_has_requested_tag(const char *client_address, const char *tag)
+int client_has_requested_tag(const char *client_address,
+                             const char *listen_address,
+                             const char *tag)
 {
    struct client_specific_tag *enabled_tags;
 
-   enabled_tags = get_tags_for_client(client_address);
+   enabled_tags = get_tags_for_client(client_address, listen_address);
 
    while (enabled_tags != NULL)
    {
@@ -563,7 +586,7 @@ jb_err enable_client_specific_tag(struct client_state *csp,
       return JB_ERR_PARSE;
    }
 
-   if (client_has_requested_tag(csp->client_address, tag_name))
+   if (client_has_requested_tag(csp->client_address, csp->listen_addr_str, tag_name))
    {
       log_error(LOG_LEVEL_TAGGING,
          "Tag '%s' already enabled for client '%s'.",
@@ -571,7 +594,8 @@ jb_err enable_client_specific_tag(struct client_state *csp,
    }
    else
    {
-      add_tag_for_client(csp->client_address, tag_name, time_to_live);
+      add_tag_for_client(csp->client_address, csp->listen_addr_str,
+         tag_name, time_to_live);
       log_error(LOG_LEVEL_TAGGING,
          "Tag '%s' enabled for client '%s'. TTL: %ld.",
          tag->name, csp->client_address, time_to_live);
@@ -609,9 +633,10 @@ jb_err disable_client_specific_tag(struct client_state *csp, const char *tag_nam
       return JB_ERR_PARSE;
    }
 
-   if (client_has_requested_tag(csp->client_address, tag_name))
+   if (client_has_requested_tag(csp->client_address, csp->listen_addr_str,
+         tag_name))
    {
-      remove_tag_for_client(csp->client_address, tag_name);
+      remove_tag_for_client(csp->client_address, csp->listen_addr_str, tag_name);
       log_error(LOG_LEVEL_TAGGING,
          "Tag '%s' disabled for client '%s'.", tag->name, csp->client_address);
    }
diff --git a/client-tags.h b/client-tags.h
index bf694519..5566860e 100644
--- a/client-tags.h
+++ b/client-tags.h
@@ -31,14 +31,17 @@
 extern int client_tag_match(const struct pattern_spec *pattern,
                             const struct list *tags);
 extern void get_tag_list_for_client(struct list *tag_list,
-                                    const char *client_address);
-extern time_t get_next_tag_timeout_for_client(const char *client_address);
+                                    const char *client_address,
+                                    const char *listen_address);
+extern time_t get_next_tag_timeout_for_client(const char *client_address,
+                                              const char *listen_address);
 extern jb_err disable_client_specific_tag(struct client_state *csp,
                                           const char *tag_name);
 extern jb_err enable_client_specific_tag(struct client_state *csp,
                                          const char *tag_name,
                                          const time_t time_to_live);
 extern int client_has_requested_tag(const char *client_address,
+                                    const char *listen_address,
                                     const char *tag);
 extern void set_client_address(struct client_state *csp,
                                const struct list *headers);
diff --git a/jbsockets.c b/jbsockets.c
index 1ff73b34..70ddea4d 100644
--- a/jbsockets.c
+++ b/jbsockets.c
@@ -1084,7 +1084,8 @@ int bind_port(const char *hostnam, int portnum, int backlog, jb_socket *pfd)
  * Function    :  get_host_information
  *
  * Description :  Determines the IP address the client used to
- *                reach us and the hostname associated with it.
+ *                reach us, the hostname associated with it and
+ *                the listening address and port.
  *
  *                XXX: Most of the code has been copy and pasted
  *                from accept_connection() and not all of the
diff --git a/jcc.c b/jcc.c
index dd777a71..f147d61c 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1942,7 +1942,8 @@ static jb_err receive_client_request(struct client_state *csp)
 #ifdef FEATURE_CLIENT_TAGS
    /* XXX: If the headers were enlisted sooner, passing csp would do. */
    set_client_address(csp, headers);
-   get_tag_list_for_client(csp->client_tags, csp->client_address);
+   get_tag_list_for_client(csp->client_tags, csp->client_address,
+      csp->listen_addr_str);
 #endif
 
    /*
@@ -2783,7 +2784,8 @@ static jb_err process_encrypted_request_headers(struct client_state *csp)
    if (csp->client_address == NULL)
    {
       set_client_address(csp, headers);
-      get_tag_list_for_client(csp->client_tags, csp->client_address);
+      get_tag_list_for_client(csp->client_tags, csp->client_address,
+         csp->listen_addr_str);
    }
 #endif
 
diff --git a/templates/client-tags b/templates/client-tags
index b1bc4f59..3233b29f 100644
--- a/templates/client-tags
+++ b/templates/client-tags
@@ -114,8 +114,8 @@
             This page shows the configured
             <a title="Lookup client-specific-tag directive in the user-manual"
              href="@user-manual at config.html#CLIENT-SPECIFIC-TAG">client-specific tags</a>,
-            and whether or not they are enabled for the address your request came from
-            (@client-ip-addr@):
+            and whether or not they are enabled for requests from
+            @client-ip-addr@ that arrive on @my-ip-address@:@my-port@:
           </p>
 
         @client-tags@

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:24:02 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:24:02 +0100
Subject: [Privoxy-commits] [privoxy] 04/06: Privoxy-Log-Parser: Bump version
 to 0.9.8
In-Reply-To: <177203303893.8984.4408556348968942315@privoxy-git>
References: <177203303893.8984.4408556348968942315@privoxy-git>
Message-ID: <20260225152400.BAF805977@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 6eb2db2ffea20d323b9ea0a0cfcc35a844503c2d
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Wed Feb 25 16:25:41 2026 +0100

    Privoxy-Log-Parser: Bump version to 0.9.8
---
 tools/privoxy-log-parser.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/privoxy-log-parser.pl b/tools/privoxy-log-parser.pl
index c7f61324..db89ca59 100755
--- a/tools/privoxy-log-parser.pl
+++ b/tools/privoxy-log-parser.pl
@@ -43,7 +43,7 @@ use warnings;
 use Getopt::Long;
 
 use constant {
-    PRIVOXY_LOG_PARSER_VERSION => '0.9.7',
+    PRIVOXY_LOG_PARSER_VERSION => '0.9.8',
     # Feel free to mess with these ...
     DEFAULT_BACKGROUND => 'black',  # Choose registered colour (like 'black')
     DEFAULT_TEXT_COLOUR => 'white', # Choose registered colour (like 'black')

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:24:00 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:24:00 +0100
Subject: [Privoxy-commits] [privoxy] 02/06: wolfssl: Downgrade an error
 message in create_server_ssl_connection()
In-Reply-To: <177203303893.8984.4408556348968942315@privoxy-git>
References: <177203303893.8984.4408556348968942315@privoxy-git>
Message-ID: <20260225152359.D2DCD58EF@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit c1afa4c00f8876446037213035d26664287fd722
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Mon Mar 18 13:07:47 2024 +0100

    wolfssl: Downgrade an error message in create_server_ssl_connection()
    
    ... to LOG_LEVEL_ERROR.
---
 wolfssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfssl.c b/wolfssl.c
index 12b4c441..7adf64ab 100644
--- a/wolfssl.c
+++ b/wolfssl.c
@@ -1145,7 +1145,7 @@ extern int create_server_ssl_connection(struct client_state *csp)
    {
       char buffer[80];
       int error = wolfSSL_get_error(ssl, ret);
-      log_error(LOG_LEVEL_FATAL,
+      log_error(LOG_LEVEL_ERROR,
          "Failed to set check domain name. error = %d, %s",
          error, wolfSSL_ERR_error_string((unsigned long)error, buffer));
       ret = -1;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:24:03 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:24:03 +0100
Subject: [Privoxy-commits] [privoxy] 05/06: GNUMakefile.in: Remove
 duplicated 'only' in the web-rss-feed target's message
In-Reply-To: <177203303893.8984.4408556348968942315@privoxy-git>
References: <177203303893.8984.4408556348968942315@privoxy-git>
Message-ID: <20260225152401.0495A58F2@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 5581486a9dc3b979cfae82677f44aa64b1f0264e
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Tue Jan 13 08:57:33 2026 +0100

    GNUMakefile.in: Remove duplicated 'only' in the web-rss-feed target's message
---
 GNUmakefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/GNUmakefile.in b/GNUmakefile.in
index 6dfec416..b7023da0 100644
--- a/GNUmakefile.in
+++ b/GNUmakefile.in
@@ -701,7 +701,7 @@ web-robots.txt:
 	@$(RSYNC) doc/webserver/robots.txt shell.sourceforge.net:$(WWW_ROOT)/htdocs/
 
 web-rss-feed:
-	@$(ECHO) "Updating the rss feed only only ..."
+	@$(ECHO) "Updating the rss feed only ..."
 	@$(RSYNC) doc/webserver/feeds/ shell.sourceforge.net:$(WWW_ROOT)/htdocs/feeds/
 
 web-sponsors:

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

From git at git.privoxy.org  Wed Feb 25 16:24:04 2026
From: git at git.privoxy.org (User Git)
Date: Wed, 25 Feb 2026 16:24:04 +0100
Subject: [Privoxy-commits] [privoxy] 06/06: Unblock gitlab./search/count\?
In-Reply-To: <177203303893.8984.4408556348968942315@privoxy-git>
References: <177203303893.8984.4408556348968942315@privoxy-git>
Message-ID: <20260225152401.3D00B58F4@git.privoxy.org>

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 07a4273b5683ed9db642ec56a3398a9ff76b9ed9
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Fri Jan 9 16:43:39 2026 +0100

    Unblock gitlab./search/count\?
---
 default.action.master | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/default.action.master b/default.action.master
index 78d69f8a..1bd57e60 100644
--- a/default.action.master
+++ b/default.action.master
@@ -804,6 +804,8 @@ support./(.*/)?track
 #MASTER# UNBLOCK-REFERRER: http://munirihsparrow.bandcamp.com/track/lamp-lighted
 # URL = http://popplers5.bandcamp.com/download/track?enc=mp3-128&fsig=bad421a4c31dda49faceefb0f3923630&id=342903379&stream=1&ts=1355881937.0
 /.*download
+# URL = https://gitlab.torproject.org/search/count?group_id=268&project_id=571&scope=users&search=src%2Ftest%2Ftest_util.c
+gitlab./search/count\?
 
 #----------------------------------------------------------------------------
 # Misc Web-bugs, JS and just plain Junk. Images here aren't normal images.

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.