On 2016-10-13 15:42, Alexander Keller wrote:
That's in the config, the user should be responsible for it.
True, it is in the config. It's also the default. If the alternative is
too much, perhaps changing
strictssl = FALSE \* Refuse untrusted SSL connections *\
to
strictssl = FALSE \* Validate SSL certificates from server *\
would help better inform what it does. My initial understanding when I
used surf was that this would simply deny me the option of bypassing
SSL
errors. Not silently ignore them.
I agree, it's confusing, send a patch to hackers@, they might apply it.
