|
WebApp Sec
mailing list archives
RE: Client script access to server cert info
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Mon, 14 Apr 2003 00:20:51 -0400
To clarify, what I'm looking for is a way for script on a page to access
the server certificate information used during the SSL connection over
which the page was provided. I.e. if Alice requests a page from
bob.com, but the bob.com server returns a certificate that actually says
mallory.com, and Alice presses "OK" when prompted about the discrepancy,
it would be nice if there was a way to detect this using script that ran
in the browser. I'm trying to find out if anybody knows of any
browser/DOM/DHTML objects that contain a description (signing chain, CN,
fingerprint, whatever) of the actual server certificate information
presented during the SSL handshake.
Phil
-----Original Message-----
From: Brass, Phil (ISS Atlanta)
Sent: Sunday, April 13, 2003 11:51 PM
To: webappsec () securityfocus com
Subject: Client script access to server cert info
Does anybody know if there is a way to access the server
certificate information in client-side script in a web browser?
Thanks!
Phil
 By Date 
By Thread
Current thread:
|
Intro
