Updated to 43, can no longer "continue anyway" on bad certs

  • Prior to updating to version 43, if you went to a site that had an expired or invalid cert you could click "Continue anyway" on a dialog box and just keep going. As of updating just now, this is no longer possible, and you just get a "you can't proceed" message.
    Is there any way around this? Why was this changed?
    As a web developer, it's often necessary to work on test/staging environments with incorrect or outdated certificates.
    I really don't relish the idea of having to use a separate browser for work.

  • This also happened to me. I also work in test enviroments and in local LAN where self-signed certificates are almost extensively used.

    Looks like Opera has just shot itself to the knee, because it is impossible for me to get any work done after this change. I had to install Firefox for the first time in ten years.

  • Registered to this forum just to complain about this issue.
    Having the same problems as the guys above me. And now I don't have any other option that to download firefox and start using it again.
    Hope you reconsider this and maybe add an option to enable/disable this.
    Thanks

  • Yes, I had to start using Chrome for my dev tasks. It's quite frustrating.

  • Registered just to point out to this issue. Had to switch to chrome. Guys, please add an option to "process anyway" or some checkbox in settings.

  • I spoke with an opera rep on Twitter and the response was essentially "Okay, well, we've decided to keep it this way." Very unfortunate.

  • I spoke with an opera rep on Twitter and the response was essentially "Okay, well, we've decided to keep it this way." Very unfortunate.

    Looks like that will be the final straw. Testing Vivaldi now.

  • Uhm, what kind of Opera version are you guys actually using? I'm using the latest Opera 43 (43.0.2442.806) and I have no issues with this. So I think either something changed (doubtful considering the short timespan) or you guys are talking a lot of nonsense up there:

    Test case on local server

    So yeah...

  • Uhm, what kind of Opera version are you guys actually using? I'm using the latest Opera 43 (43.0.2442.806) and I have no issues with this. So I think either something changed (doubtful considering the short timespan) or you guys are talking a lot of nonsense up there:

    So yeah...

    In cases where the certificate has incorrect information, the popup shows as usual. In cases where the certificate has expired, the popup shows as usual. It's only when both those things are the case where, for some reason, the popup does not appear and you cannot proceed. Presumably it is to protect average users from malicious sites.
    All I'd like is some sort of internal flag I can check to override this behaviour, but according to the support rep this behaviour is intentional and not going to change.

  • It's only when both those things are the case where, for some reason, the popup does not appear and you cannot
    proceed. Presumably it is to protect average users from malicious sites.

    Ah ok, that's not what your OP said ๐Ÿ˜‰

    I can reproduce this issue, but also fail to see the problem with it. If you're testing then all you need to do is either install the certificate locally, ensure a long lifespan of your testing certificate, or simply set up and use a local CA (which is what I usually do).

    I've often came across expired certificates but hardly any which are both invalid and expired. I really think the problem is hardly as big as you make it sound.

  • It's not that the problem is big, it's that something which was previously up to the user is now decided by someone else.
    They've taken away the choice completely, for no real apparent reason.
    There are certainly tons of ways to work around it, but it speaks to a larger mentality at the company that users must be protected from themselves.

  • Yep, I could fix 2 of the 4 services I use daily by just generating new key - the previous had expired. As these are services that are being used both by local LAN IP and by a DNS name, I think the certificate can't ever be 100% correct for both use cases?

  • As a followup, it's slightly amusing that the "concept" browser Opera Neon does the correct (previous) thing and lets the user continue anyway, while standard opera now does not. Almost makes a person wonder if this change was actually a bug rather than intentional.

    Anyhow, Vivaldi behaves properly as well, so perhaps it's time to make the move over there. It seems to have stabilized quite a bit since release. Sad, because I've been an Opera fan since almost the beginning.

  • It's still same in the latest stable bulid 991. Not sure if they are gonna fix this in the future but in the meantime this is a workaround (use at your own risk!).

    Add this at the end of the shortcut command line --ignore-certificate-errors

    eg. "C:\Program Files\Opera\launcher.exe" --ignore-certificate-errors

    Kinda defeat the purpose of supposedly increased security by not giving an option for the average user to decide that the site is safe to proceed. Now we gotta disable all certificate warnings just great!

  • I agree, surely it's up to the user if they want to take the risk of proceeding with a potentially risky operation. That choice should not be taken away, Opera are completely covered if warnings were issued.
    My Internet Security suite has a similar problem, it warns you about potentially dangerous web sites, but the latest version will not now allow you to go ahead anyway, which previous versions did.
    If you know it's a false positive, you can no longer over-ride the warning unless you switch the whole Internet Security system off completely, which is madness!
    ๐Ÿ™‚

  • That would be annoying, so I checked to see for myself. These are my findings.

    Opera 43.0.2442.991 (64-bit) on Windows 10 still offers a dialog box for:

    • Incorrect,
    • Self-signed,
    • Expired certificates.

    See these test links: https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html.

    However, for hash functions that are no longer considered safe e.g. expired SHA-1 certificates, Opera 43 no longer offers you an option to continue. See this test link: https://expired.identrustssl.com

    Hope this helps.

  • A way to force websites to update their certificates? :sherlock:

  • That would be annoying, so I checked to see for myself. These are my findings.
    Opera 43.0.2442.991 (64-bit) on Windows 10 still offers a dialog box for:

    Incorrect,
    Self-signed,
    Expired certificates.

    See these test links: https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html.
    However, for hash functions that are no longer considered safe e.g. expired SHA-1 certificates, Opera 43 no longer offers you an option to continue. See this test link: https://expired.identrustssl.com
    Hope this helps.

    I hadn't bothered working out the exact problem causing it, thanks.
    In the end, they're gonna make the decisions they feel work best for the majority of people.
    I'll live.

  • After updating from 39 to 43 in Ubuntu 12.04 I now get the privacy complaint even from google.com and auth.opera.com ! Is my system compromised, or has anyone seen this problem under Linux ?

  • or has anyone seen this problem under Linux ?

    This is the 'Opera for Windows' forum, please use the 'Opera for *nix' to dicuss about Opera for Linux.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.