Philip Hoyer wrote: > I am not sure this is the right mailing list but maybe you can point me > in the right direction.
I think this is the right list. > I was wondering if it is possible to get hold of, within a Firefox plug > in code or Javascript, the certificate of the server of the SSL session > (one way) of the page on which the plug in or script resides. > So basically > 1) URL typed into browser https://www.foo.com > 2) SSL hand shake happens with the server x509 certificate > 3) Page is downloaded which contains plug-in or script > 4) Plug in is executed within browser – plug in code gets hold > locally of the certificate used to establish the SSL handshake from > where it was downloaded from > Any help would be greatly appreciated. Yes, I think (but am not 100% certain) that JavaScript on a page can access the cert (chain) of the server from which it was loaded. If JavaScript can, then certainly a plugin should be able to do so. I'll ask some others about this. The answer may take a few days. -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
