On 2016-10-13 15:42, Alexander Keller wrote:
That's in the config, the user should be responsible for it.
True, it is in the config. It's also the default. If the alternative is
too much, perhaps changing
        strictssl = FALSE \* Refuse untrusted SSL connections *\
        strictssl = FALSE \* Validate SSL certificates from server *\
would help better inform what it does. My initial understanding when I
used surf was that this would simply deny me the option of bypassing SSL
errors. Not silently ignore them.

I agree, it's confusing, send a patch to hackers@, they might apply it.

Reply via email to