在Chrome扩展程序中获取当前页面SSL证书的指纹 [英] Get fingerprint of current page's SSL certificate in a Chrome extension

问题描述

我试图编写一个扩展程序来验证第三方网站SSL证书的SHA1指纹。然而，似乎无法通过原生JavaScript或Chrome的扩展API来执行此操作。

我发现这个问题看起来像是我想要的：< a href =https://stackoverflow.com/questions/6983401/how-can-i-get-the-ssl-certificate-info-for-the-current-page-in-a-firefox-exten>如何我可以在Firefox扩展中获得* current *页面的SSL证书信息吗？

但不幸的是，它仅适用于Firefox。有没有办法以跨浏览器兼容的方式来做到这一点，甚至只是在Chrome浏览器中？ 解决方案

截至2014年1月（但存在文件上的错误报告）。

Firefox

Firefox目前只有一种方法可以提供证书信息被动地在没有任何扩展API的情况下能够阻止被认为具有不适当证书的连接。有 Mozilla Bug＃644640 — 实施扩展的延伸点，以影响PSM中的信任决策，它正在跟踪拒绝连接的能力。

Chromium

另一方面，Chrome甚至不允许您首先检查证书;有 Chromium问题＃107793 — 通过webRequest API提供有关通过扩展TLS连接的信息，它似乎跟踪首先简单检查证书的能力，并且如果需要也可以撤消信任。

（还有一个较早的铬问题＃49469—功能请求：实现扩展API以访问有关网页的HTTPS / SSL证书的信息，但看起来像问题＃107793已接管。）

与上述问题107793相关的Chromium API提案草案（请注意，这只是拟议接口的草稿，目前尚未实际实施）：

• https://sites.google.com/a/chromium.org/dev/developers/d esign-documents / extensions / proposed-changes / apis-under-development / webrequest-ssl-hooks
  

I'm attempting to write an extension which verifies the SHA1 fingerprint of a site's SSL certificate with a third party. However it doesn't seem to be possible to do this either through native JavaScript or Chrome's extension APIs.

I found this question which would seem to do what I want: How can I get the SSL Certificate info for the *current* page in a Firefox Extension

But unfortunately it is only applicable to Firefox. Is there any way to do this in a cross browser compatible way, or even just in Chrome?

解决方案

Not as of January 2014 (but there are bug reports on file).

Firefox

Firefox currently only has a way to provide certificate information passively, without any extension API to be able to block a connection that is deemed to have an inappropriate certificate. There's Mozilla Bug #644640 — "Implement extension point for extensions to influence trust decisions in PSM", which is tracking the ability to decline connections.

Chromium

Chrome, on the other hand, doesn't even let you examine the certificate in the first place; there's Chromium Issue #107793 — "Provide information about the TLS connections to extensions via the webRequest API", which appears to track both the ability to simply examine the certificates in the first place, and also to revoke trust, if needed.

(There's also an earlier Chromium Issue #49469 — "Feature request: Implement Extensions API for accessing information about HTTPS/SSL certificate for web page", but it would seem like Issue #107793 has taken over.)

The draft of Chromium API proposal as linked to Issue 107793 above (note that it's only a draft of the proposed interface, without an actual implementation so far):

• https://sites.google.com/a/chromium.org/dev/developers/design-documents/extensions/proposed-changes/apis-under-development/webrequest-ssl-hooks

这篇关于在Chrome扩展程序中获取当前页面SSL证书的指纹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！