在 Chrome 扩展程序中获取当前页面 SSL 证书的指纹 [英] Get fingerprint of current page's SSL certificate in a Chrome extension

问题描述

我正在尝试编写一个扩展程序，用于与第三方验证站点 SSL 证书的 SHA1 指纹.但是，通过原生 JavaScript 或 Chrome 的扩展 API 似乎无法做到这一点.

I'm attempting to write an extension which verifies the SHA1 fingerprint of a site's SSL certificate with a third party. However it doesn't seem to be possible to do this either through native JavaScript or Chrome's extension APIs.

我发现这个问题似乎可以满足我的要求:如何获取 Firefox 扩展中 *current* 页面的 SSL 证书信息

I found this question which would seem to do what I want: How can I get the SSL Certificate info for the *current* page in a Firefox Extension

但不幸的是，它只适用于 Firefox.有没有办法以跨浏览器兼容的方式执行此操作，甚至仅在 Chrome 中执行此操作?

But unfortunately it is only applicable to Firefox. Is there any way to do this in a cross browser compatible way, or even just in Chrome?

推荐答案

截至 2014 年 1 月(但有错误报告存档).

Not as of January 2014 (but there are bug reports on file).

Firefox 目前只有被动提供证书信息的方法，没有任何扩展 API 能够阻止被认为具有不适当证书的连接.有 Mozilla Bug #644640 —实施扩展点以影响 PSM 中的信任决策"，它正在跟踪拒绝连接的能力.

Firefox currently only has a way to provide certificate information passively, without any extension API to be able to block a connection that is deemed to have an inappropriate certificate. There's Mozilla Bug #644640 — "Implement extension point for extensions to influence trust decisions in PSM", which is tracking the ability to decline connections.

另一方面，Chrome 甚至不允许您首先检查证书；有 Chromium 问题 #107793 —通过 webRequest API 提供有关与扩展的 TLS 连接的信息"，这似乎可以跟踪首先简单检查证书的能力，以及在需要时撤销信任的能力.

Chrome, on the other hand, doesn't even let you examine the certificate in the first place; there's Chromium Issue #107793 — "Provide information about the TLS connections to extensions via the webRequest API", which appears to track both the ability to simply examine the certificates in the first place, and also to revoke trust, if needed.

(还有一个较早的 Chromium Issue #49469 —功能请求: 实现扩展 API 以访问有关网页 HTTPS/SSL 证书的信息"，但似乎问题 #107793 已接管.)

(There's also an earlier Chromium Issue #49469 — "Feature request: Implement Extensions API for accessing information about HTTPS/SSL certificate for web page", but it would seem like Issue #107793 has taken over.)

Chromium API 提案草案与上面的问题 107793 相关联(请注意，这只是拟议接口的草案，目前还没有实际实现):

The draft of Chromium API proposal as linked to Issue 107793 above (note that it's only a draft of the proposed interface, without an actual implementation so far):

• https://sites.google.com/a/chromium.org/dev/developers/design-documents/extensions/proposed-changes/apis-under-development/webrequest-ssl-hooks

这篇关于在 Chrome 扩展程序中获取当前页面 SSL 证书的指纹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！