Nelson B wrote:
Yes, I think (but am not 100% certain) that JavaScript on a page can access the cert (chain) of the server from which it was loaded.
I'm not convinced it's possible (I'm almost sure it's not). I'm convinced since a while it would be useful.
If JavaScript can, then certainly a plugin should be able to do so.
A script with elevated rights certainly can get the server certificate object associated with the current url. It needs some XPCOM magic, and only extension or signed javascript can do that.
But I think it would be quite legitimate to allow ordinary script in the page to get it through the crypto object.
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
