f90dad3fd12f2d38f0407507297343d692a56a48
galt
  Fri Nov 19 14:42:03 2021 -0800
Adding log setting to httpsCertCheck and making it the new default. This makes it even softer on users, gives us more time to prepare, only logs certs to stderr and only if run as a CGI so that SCRIPT_NAME env var is set. The user does not see anything diffent in behavior and output for log level, but we see cert issues in the log.

diff --git src/product/ex.hg.conf src/product/ex.hg.conf
index 971b738..4430690 100644
--- src/product/ex.hg.conf
+++ src/product/ex.hg.conf
@@ -461,32 +461,32 @@
 
 # enable user specific style directory (CSS files)
 # browser.styleDir=style-public
 
 # enable user specific style/images directory
 # browser.styleImagesDir=style/images-public
 
 # enable user specific css file
 # browser.style=/style/mystyle.css
 
 # enable user specific trix file for track search tool
 # does substitution on the $db variable
 # browser.trixPath=/gbdb/$db/trackDb.ix
 
 # HTTPS CERTIFICATE VERIFY
-# Options are abort, warn, or none (currently default is warn)
-#httpsCertCheck=warn
+# Options are abort, warn, log, or none (currently default is warn)
+#httpsCertCheck=log
 # domains to whitelist, skip cert checking, space-separated list
 #httpsCertCheckDomainExceptions=
 
 # PROXY
 # enable http(s) proxy support in net.c
 #httpProxy=http://someProxyServer:3128
 #httpsProxy=http://someProxyServer:3128
 #ftpProxy=ftp://127.0.0.1:2121
 # if proxy server needs BASIC authentication
 #httpProxy=http://user:password@someProxyServer:3128
 #httpsProxy=http://user:password@someProxyServer:3128
 # if some domain suffixes should not be proxied:
 #noProxy=ucsc.edu,mit.edu,localhost,127.0.0.1
 
 # enable local file access for custom tracks