Thanks,
This is great help and a great start!
Philip
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kai Engert
Sent: 10 March 2006 18:59
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: Retrieving server certificate from within plug-in code
Nelson B wrote:
> Philip Hoyer wrote:
>
>> I was wondering if it is possible to get hold of, within a Firefox plug
>> in code or _javascript_, the certificate of the server of the SSL session
>> (one way) of the page on which the plug in or script resides.
>
>> So basically
>> 1) URL typed into browser https://www.foo.com
>> 2) SSL hand shake happens with the server x509 certificate
>> 3) Page is downloaded which contains plug-in or script
>> 4) Plug in is executed within browser - plug in code gets hold
>> locally of the certificate used to establish the SSL handshake from
>> where it was downloaded from
Note there is a difference between
- _javascript_ that is shipped, installed and executed as part of
Mozilla's user interface, or as an extension
and
- _javascript_ that runs on a web page
You are able to access the cert from application _javascript_.
For example I found
http://sslbar.metropipe.net/
which is an extension that displays additional information (fingerprint)
of the server certificate.
By studying the sources of that extensions you could learn where the
server cert is stored.
But I don't know whether you are able to access this information from
within _javascript_ running on a web page.
Kai
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
