Nelson B wrote:
Philip Hoyer wrote:
I was wondering if it is possible to get hold of, within a Firefox plug
in code or Javascript, the certificate of the server of the SSL session
(one way) of the page on which the plug in or script resides.
So basically
1) URL typed into browser https://www.foo.com
2) SSL hand shake happens with the server x509 certificate
3) Page is downloaded which contains plug-in or script
4) Plug in is executed within browser – plug in code gets hold
locally of the certificate used to establish the SSL handshake from
where it was downloaded from
Note there is a difference between
- JavaScript that is shipped, installed and executed as part of
Mozilla's user interface, or as an extension
and
- JavaScript that runs on a web page
You are able to access the cert from application JavaScript.
For example I found
http://sslbar.metropipe.net/
which is an extension that displays additional information (fingerprint)
of the server certificate.
By studying the sources of that extensions you could learn where the
server cert is stored.
But I don't know whether you are able to access this information from
within JavaScript running on a web page.
Kai
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
