SSL certificate worries with Netsurf

What is the safest course of action – Reject or Accept – when NetSurf fails to verify the authenticity of an SSL certificate, and no details are presented below because the Certificate chain box is empty?

I can see the yellow frame around the Accept button making it the default, but that seems to me like the riskier thing to do, especially when there are no details to go on.

This has become a worry for me on the Digital Spy forums, which worked well for ages – but as of a few days ago NetSurf hits this SSL certificate problem with EVERY SINGLE PAGE.

What is the safest course of action

RISC OS – accept. Because nasty stuff just isn’t going work in NetSurf.
Anything else – reject, it isn’t worth it.

This has become a worry for me on the Digital Spy forums,

Example URLs?

Just went here: https://forums.digitalspy.com/categories/eurovision-song-contest
from the main page. Took a while to render, but not one single SSL error on either NetSurf or Firefox on my phone.

Also tried the page “least favourite winning song”. Some rendering errors (a lot of black where quoted content should be – bad markup?) but no SSL problems.

RISC OS – accept. Because nasty stuff just isn’t going work in NetSurf.
bq. Anything else – reject, it isn’t worth it.

That’s not great advice I’m afraid. Net surf is completely vulnerable to man in the middle style interception type attacks.

You need to do consider what information could be stolen by having your browsing of this site intercepted. For instance, if you’ve logged into the site you could have your logon details swiped. You also need to consider that any information presented to you on the site could be been subverted (obviously much more important on a banking site or something like that than in the eurovision section :))

If you’re happy with the risks, go for it.

My reply was referring to digital spy. Obviously common sense should kick in and cause you to back away if you get weird results when trying to access something more “critical” such as your bank.

However, in my experience, such sites as banks require more scripting than NetSurf is capable of, so…

What is the safest course of action – Reject or Accept – when NetSurf fails to verify the authenticity of an SSL certificate, and no details are presented below because the Certificate chain box is empty?

First step is probably to look for a new version of NetSurf, which might have an updated certificate bundle.

Looks like the last update was in January.

The latest release was 3.7 in October last year, so you’d need a CI build to try with the latest certificate bundle.

http://ci.netsurf-browser.org/builds/

If a CI build works, but you prefer to run a release, you could simply copy over the !NetSurf.Resources.ca-bundle file.