The bug appears worse than that. I also get no errors when accessing a site with a self-signed certificate; or with the wrong hostname in the certificate. This is, I think, a pretty serious flaw as it makes impersonation or an active man-in-the-middle attack very easy. On the other hand, dillo does not display a padlock icon, so it could be argued that users have no expectation of security from dillo.
-- Neil Moore, n...@s-z.org, http://s-z.org/neil/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
