[tor-commits] [tor/master] Add a manpage entry and changes file for for HTTPTunnelPort

[nickm at torproject.org]

commit fead6449564f4d946662fc32e0f42bfe852f62a3
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Sep 5 11:23:44 2017 -0400

    Add a manpage entry and changes file for for HTTPTunnelPort
---
 changes/feature22407 |  5 +++++
 doc/tor.1.txt        | 15 +++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/changes/feature22407 b/changes/feature22407
new file mode 100644
index 000000000..aec6c15f4
--- /dev/null
+++ b/changes/feature22407
@@ -0,0 +1,5 @@
+  o Minor features (client):
+    - You can now use Tor as a tunneled HTTP proxy: use the HTTPTunnelPort
+      option to open a port that accepts HTTP CONNECT requests.
+      Closes ticket 22407.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 2e11534a6..1898b7237 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -777,7 +777,8 @@ CLIENT OPTIONS
 --------------
 
 The following options are useful only for clients (that is, if
-**SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero):
+**SocksPort**, **HTTPTunnelPort**, **TransPort**, **DNSPort**, or
+**NATDPort** is non-zero):
 
 [[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__]::
     When set along with UseBridges, instructs Tor to use the relay at
@@ -1101,7 +1102,9 @@ The following options are useful only for clients (that is, if
         Unsupported and force-disabled when using Unix domain sockets.)
     **IsolateSOCKSAuth**;;
         Don't share circuits with streams for which different
-        SOCKS authentication was provided. (On by default;
+        SOCKS authentication was provided. (For HTTPTunnelPort
+        connections, this option looks at the Proxy-Authorization and
+        X-Tor-Stream-Isolation headers. On by default;
         you can disable it with **NoIsolateSOCKSAuth**.)
     **IsolateClientProtocol**;;
         Don't share circuits with streams using a different protocol.
@@ -1322,6 +1325,14 @@ The following options are useful only for clients (that is, if
     the node "foo". Disabled by default since attacking websites and exit
     relays can use it to manipulate your path selection. (Default: 0)
 
+[[HTTPTunnelPort]] **HTTPTunnelPort**  \['address':]__port__|**auto** [_isolation flags_]::
+    Open this port to listen for proxy connections using the "HTTP CONNECT"
+    protocol instead of SOCKS. Set this to 0
+    0 if you don't want to allow "HTTP CONNECT" connections. Set the port
+    to "auto" to have Tor pick a port for you. This directive can be
+    specified multiple times to bind to multiple addresses/ports.  See
+    SOCKSPort for an explanation of isolation flags. (Default: 0)
+
 [[TransPort]] **TransPort**  \['address':]__port__|**auto** [_isolation flags_]::
     Open this port to listen for transparent proxy connections.  Set this to
     0 if you don't want to allow transparent proxy connections.  Set the port