Updated to 43, can no longer "continue anyway" on bad certs

shelluser

shelluser last edited by

It's only when both those things are the case where, for some reason, the popup does not appear and you cannot
proceed. Presumably it is to protect average users from malicious sites.

Ah ok, that's not what your OP said

I can reproduce this issue, but also fail to see the problem with it. If you're testing then all you need to do is either install the certificate locally, ensure a long lifespan of your testing certificate, or simply set up and use a local CA (which is what I usually do).

I've often came across expired certificates but hardly any which are both invalid and expired. I really think the problem is hardly as big as you make it sound.

A Former User

A Former User last edited by

It's not that the problem is big, it's that something which was previously up to the user is now decided by someone else.
They've taken away the choice completely, for no real apparent reason.
There are certainly tons of ways to work around it, but it speaks to a larger mentality at the company that users must be protected from themselves.

mtakala

mtakala last edited by

Yep, I could fix 2 of the 4 services I use daily by just generating new key - the previous had expired. As these are services that are being used both by local LAN IP and by a DNS name, I think the certificate can't ever be 100% correct for both use cases?

A Former User

A Former User last edited by

As a followup, it's slightly amusing that the "concept" browser Opera Neon does the correct (previous) thing and lets the user continue anyway, while standard opera now does not. Almost makes a person wonder if this change was actually a bug rather than intentional.

Anyhow, Vivaldi behaves properly as well, so perhaps it's time to make the move over there. It seems to have stabilized quite a bit since release. Sad, because I've been an Opera fan since almost the beginning.

nabino21

nabino21 last edited by

It's still same in the latest stable bulid 991. Not sure if they are gonna fix this in the future but in the meantime this is a workaround (use at your own risk!).

Add this at the end of the shortcut command line --ignore-certificate-errors

eg. "C:\Program Files\Opera\launcher.exe" --ignore-certificate-errors

Kinda defeat the purpose of supposedly increased security by not giving an option for the average user to decide that the site is safe to proceed. Now we gotta disable all certificate warnings just great!

A Former User

A Former User last edited by

I agree, surely it's up to the user if they want to take the risk of proceeding with a potentially risky operation. That choice should not be taken away, Opera are completely covered if warnings were issued.
My Internet Security suite has a similar problem, it warns you about potentially dangerous web sites, but the latest version will not now allow you to go ahead anyway, which previous versions did.
If you know it's a false positive, you can no longer over-ride the warning unless you switch the whole Internet Security system off completely, which is madness!

davepmiddleton

davepmiddleton last edited by

That would be annoying, so I checked to see for myself. These are my findings.

Opera 43.0.2442.991 (64-bit) on Windows 10 still offers a dialog box for:

• Incorrect,
• Self-signed,
• Expired certificates.

See these test links: https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html.

However, for hash functions that are no longer considered safe e.g. expired SHA-1 certificates, Opera 43 no longer offers you an option to continue. See this test link: https://expired.identrustssl.com

Hope this helps.

zalex108

zalex108 last edited by

A way to force websites to update their certificates? :sherlock:

"You cannot know the meaning of your life until you are connected to the power that created you". · Shri Mataji Nirmala Devi

A Former User

A Former User last edited by

That would be annoying, so I checked to see for myself. These are my findings.
Opera 43.0.2442.991 (64-bit) on Windows 10 still offers a dialog box for:

Incorrect,
Self-signed,
Expired certificates.

See these test links: https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html.
However, for hash functions that are no longer considered safe e.g. expired SHA-1 certificates, Opera 43 no longer offers you an option to continue. See this test link: https://expired.identrustssl.com
Hope this helps.

I hadn't bothered working out the exact problem causing it, thanks.
In the end, they're gonna make the decisions they feel work best for the majority of people.
I'll live.

talu1966

talu1966 last edited by

After updating from 39 to 43 in Ubuntu 12.04 I now get the privacy complaint even from google.com and auth.opera.com ! Is my system compromised, or has anyone seen this problem under Linux ?

leocg

leocg Moderator Volunteer last edited by

or has anyone seen this problem under Linux ?

This is the 'Opera for Windows' forum, please use the 'Opera for *nix' to dicuss about Opera for Linux.

gerardtromp

gerardtromp last edited by

Desperately looking for an override function to "Your connection is not private". I don't care and I know the risks. The current step of preventing an override is making it safe for fools at the cost of utility. One cannot prevent fools from being fools.

A Former User

A Former User last edited by

Have you tried using the "--ignore-certificate-errors" switch as mentioned previously?