From sdavies at umw.edu Sat Apr 14 20:55:55 2018 From: sdavies at umw.edu (Stephen Davies (sdavies)) Date: Sat, 14 Apr 2018 18:55:55 +0000 Subject: [qutebrowser] certificate errors Message-ID: <20180414185453.GD2888@umw.edu> When I visit certain websites, especially on certain wireless networks, qutebrowser gets peppered with periodic messages that I have to click through: Certificate errors -- continue? Server's certificate is not trusted. Is there a way to disable these? Perhaps you'll tell me that it's dangerous and evil to do so. That's as may be, but I do know that these are sites I check periodically, recognize the content on, and have strong reason to believe are not compromised in any way. Further, other browsers never complain about them. - Stephen Davies, Ph.D. (stephen at umw.edu) From jaygkamat at gmail.com Sat Apr 14 21:32:06 2018 From: jaygkamat at gmail.com (Jay Kamat) Date: Sat, 14 Apr 2018 15:32:06 -0400 Subject: [qutebrowser] certificate errors In-Reply-To: <20180414185453.GD2888@umw.edu> (Stephen Davies's message of "Sat, 14 Apr 2018 18:55:55 +0000") References: <20180414185453.GD2888@umw.edu> Message-ID: <871sfh4ma1.fsf@gmail.com> Hi Stephen! "Stephen Davies (sdavies)" writes: > Is there a way to disable these? I think you can do this with :set content.ssl_strict false > Perhaps you'll tell me that it's dangerous and evil to do so. That's as > may be, but I do know that these are sites I check periodically, recognize the > content on, and have strong reason to believe are not compromised in any way. > Further, other browsers never complain about them. Yes, this is probably a very bad idea, since you wouldn't know if you're being MITM'd. I'm not sure why there are more SSL warnings in qutebrowser than in normal ones (I see them too). I think this might be qutebrowser using system certs rather than the built-in ones (but I'm not sure if that's the case). -Jay From mail at fritzreichwald.de Sun Apr 15 00:19:56 2018 From: mail at fritzreichwald.de (Fritz Reichwald) Date: Sun, 15 Apr 2018 00:19:56 +0200 Subject: [qutebrowser] certificate errors In-Reply-To: <871sfh4ma1.fsf@gmail.com> References: <20180414185453.GD2888@umw.edu> <871sfh4ma1.fsf@gmail.com> Message-ID: <87muy5whv7.fsf@fritz-gpd.i-did-not-set--mail-host-address--so-tickle-me> Hi Jay > I'm not sure why there are more SSL warnings in > qutebrowser than in normal ones (I see them too). I think this might be > qutebrowser using system certs rather than the built-in ones (but I'm > not sure if that's the case). I think its because qutebrowser tells you about the issues with a popup but other browsers only show some small icon somewhere you are not looking at regularly. Fritz -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From me at the-compiler.org Sun Apr 15 10:07:40 2018 From: me at the-compiler.org (Florian Bruhin) Date: Sun, 15 Apr 2018 10:07:40 +0200 Subject: [qutebrowser] certificate errors In-Reply-To: <871sfh4ma1.fsf@gmail.com> References: <20180414185453.GD2888@umw.edu> <871sfh4ma1.fsf@gmail.com> Message-ID: <20180415080740.4ki36gx7lx7hlqoi@hooch.localdomain> On Sat, Apr 14, 2018 at 03:32:06PM -0400, Jay Kamat wrote: > Hi Stephen! > > "Stephen Davies (sdavies)" writes: > > > Is there a way to disable these? > > I think you can do this with :set content.ssl_strict false Or set it to "true" instead and see how that goes, where it silently drops those connections. > > Perhaps you'll tell me that it's dangerous and evil to do so. That's as > > may be, but I do know that these are sites I check periodically, recognize the > > content on, and have strong reason to believe are not compromised in any way. > > Further, other browsers never complain about them. > > Yes, this is probably a very bad idea, since you wouldn't know if you're > being MITM'd. I'm not sure why there are more SSL warnings in > qutebrowser than in normal ones (I see them too). I think this might be > qutebrowser using system certs rather than the built-in ones (but I'm > not sure if that's the case). Likely because other browsers only allow you to bypass it if it's a toplevel navigation, while qutebrowser also asks for resources which are loaded from a page with invalid certificate. Related issue: https://github.com/qutebrowser/qutebrowser/issues/3418 Florian -- https://www.qutebrowser.org | me at the-compiler.org (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: