> surf is not _silently_ ignoring them. If the validation fails, `sslfailed` > will be true and in the window title you can see a `…:U` for untrusted > instead of `…:T` for trusted.
You're right. It does provide that feedback. My apologies. :) I've just been doing a bunch of digging in the TLS code under `void loadstatuschange`. I was prompted because it listed my own domain as untrusted. It turns out, if the website is cached and you visit a page at https, the page will be marked untrusted. This is because `msg` will have no certificate attached. I don't know if this behaviour is intentional. You can test this with: https://developer.gnome.org/gio/stable/gio-TLS-Overview.html Load the page, then close surf and open the page again. The first time you visit it will be trusted, the second it will be untrusted. It will load regardless of your `strictssl` setting. If it is untrusted the first time, clear your cache in `~/.surf/cache/` then repeat the experiment you should see it.
