I figured I'd post this at the top level, since I responded to a 
long-dead thread...any help from anyone out there would be much 
appreciated!!


In article <[EMAIL PROTECTED]>,
 Kai Engert <[EMAIL PROTECTED]> wrote:

> You are able to access the cert from application JavaScript.
> For example I found
>    http://sslbar.metropipe.net/
> which is an extension that displays additional information (fingerprint)
> of the server certificate.

I'm trying to get the server cert used for an https connection from
inside a plugin.  The sslbar code was VERY helpful, so thanks very much
for this pointer.

However, I'm running into a subtle issue.

I'm trying to intercept and munge the headers on every outgoing https
response and incoming https request.  I've created an nsIObserver object
and registered it to receive all 'http-on-modify-request' and
'http-on-examine-response' events.  That works fine, I see all the
requests and responses.  I'm using browser.securityUI to find out if the
connection is SSL protected and, if so, to get the server cert.  This
_almost_ works.

Here is the problem I'm having...on the first request/response pair,
there is no SSLStatus object!  I've sniffed the traffic, and it appears
to be encrypted, but for some reason that first pair doesn't seem to
have a certificate associated with it.  Here's the code I'm using
(lifted pretty much straight from the sslbar folks, so many thanks to
them!) to get the cert:

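// Shorthands for the XPCOM interfaces used below.
const nsISSLStatusProvider = Components.interfaces.nsISSLStatusProvider;
const nsISSLStatus = Components.interfaces.nsISSLStatus;

// Returns the server cert for the browser returned by getBrowser(),
// or null if none is available (function name chosen for illustration).
function getServerCert()
{
   var b = getBrowser();
   if (b)
   {
      var sui = b.securityUI;
      if (sui)
      {
         var prov = sui.QueryInterface(nsISSLStatusProvider);
         if (prov)
         {
            // This is the object that is null on the first request/response pair.
            var status = prov.SSLStatus;
            if (status)
            {
               status = status.QueryInterface(nsISSLStatus);
               if (status)
               {
                  return status.serverCert;
               }
            }
         }
      }
   }
   return null;
}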

The first time I connect to a server over HTTPS, for both the first
outgoing request and incoming response, the 'status' object in the above
code is null.  In subsequent requests and responses, it's fine and I get
the cert no problem.

Anyone have any ideas?  Are there error codes I can check?  Other code I
can look at?

Thanks,
Chris
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
