|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Client script access to server cert info
From: Maupin, Tony (Tony.Maupin
integris-health.com)
Date: Mon Apr 14 2003 - 08:55:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
What you're looking for is called a "certificate parsing module". Do a
search on that term and/or add open source to the search depending on what
you're looking for. It will do everything you are asking and more.
Tony Maupin
-----Original Message-----
From: Brass, Phil (ISS Atlanta) [mailto:PBrassiss.net]
Sent: Sunday, April 13, 2003 11:21 PM
To: webappsecsecurityfocus.com
Subject: RE: Client script access to server cert info
To clarify, what I'm looking for is a way for script on a page to access
the server certificate information used during the SSL connection over
which the page was provided. I.e. if Alice requests a page from
bob.com, but the bob.com server returns a certificate that actually says
mallory.com, and Alice presses "OK" when prompted about the discrepancy,
it would be nice if there was a way to detect this using script that ran
in the browser. I'm trying to find out if anybody knows of any
browser/DOM/DHTML objects that contain a description (signing chain, CN,
fingerprint, whatever) of the actual server certificate information
presented during the SSL handshake.
Phil
> -----Original Message-----
> From: Brass, Phil (ISS Atlanta)
> Sent: Sunday, April 13, 2003 11:51 PM
> To: webappsecsecurityfocus.com
> Subject: Client script access to server cert info
>
>
> Does anybody know if there is a way to access the server
> certificate information in client-side script in a web browser?
>
> Thanks!
>
> Phil
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]