I looked into how Debian does it. They bundle a configuration file that sets the correct options.
If you download the "debian" file [0], which includes all of their packaging for w3m, you can view the file at 'debian/w3mconfig'. The relevant option is "ssl_verify_server", and it must be set to "1" in order for w3m to perform verification. Example with a domain whose certificate is expired: $ w3m -o ssl_verify_server 1 fmrl.me Do we ever bundle configuration files in this manner? Can a wrapper set command-line variables? I will investigate whether these options can be set at build time. I don't think we should ship a browser in this state, even if users are able to configure it properly after installation. w3m is used by other programs like mutt to render html "under the hood". [0] http://http.debian.net/debian/pool/main/w/w3m/w3m_0.5.3-26.debian.tar.xz