Get fingerprint of current page's SSL certificate in a Chrome extension
Question
I'm attempting to write an extension which verifies the SHA1 fingerprint of a site's SSL certificate with a third party. However it doesn't seem to be possible to do this either through native JavaScript or Chrome's extension APIs.
I found this question which would seem to do what I want: How can I get the SSL Certificate info for the *current* page in a Firefox Extension
But unfortunately it is only applicable to Firefox. Is there any way to do this in a cross browser compatible way, or even just in Chrome?
1 answers
solution1
6 2014-02-04 01:41:37
Not as of January 2014 (but there are bug reports on file).
Firefox
Firefox currently only has a way to provide certificate information passively, without any extension API to be able to block a connection that is deemed to have an inappropriate certificate. There's Mozilla Bug #644640 — "Implement extension point for extensions to influence trust decisions in PSM" , which is tracking the ability to decline connections.
Chromium
Chrome, on the other hand, doesn't even let you examine the certificate in the first place; there's Chromium Issue #107793 — "Provide information about the TLS connections to extensions via the webRequest API" , which appears to track both the ability to simply examine the certificates in the first place, and also to revoke trust, if needed.
(There's also an earlier Chromium Issue #49469 — "Feature request: Implement Extensions API for accessing information about HTTPS/SSL certificate for web page" , but it would seem like Issue #107793 has taken over.)
The draft of Chromium API proposal as linked to Issue 107793 above (note that it's only a draft of the proposed interface, without an actual implementation so far):
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.