Alexander Keller wrote:
> If the alternative is too much, perhaps changing
>         strictssl = FALSE \* Refuse untrusted SSL connections *\
> to
>         strictssl = FALSE \* Validate SSL certificates from server *\
> would help better inform what it does. My initial understanding when I
> used surf was that this would simply deny me the option of bypassing SSL
> errors. Not silently ignore them.

Heyho Alexander,

surf is not _silently_ ignoring them. If the validation fails, `sslfailed` will
be true and in the window title you can see a `…:U` for untrusted instead of
`…:T` for trusted. I don't think the change is good, since surf does the
validation always.


Reply via email to