WebApp Sec mailing list archives
Re: Client script access to server cert info
From: "Jon Pastore" <jpastore () idetech net>
Date: Wed, 16 Apr 2003 07:17:42 -0400
can you recommend one for perl? CPAN wasn't playing nice when I did a search eariler...I have an intranet application I sell based on perl that it would be nice if we could make sure it only runs on the computer it was told to. and being able to analyze the cert would be nice... -Jon ----- Original Message ----- From: "Maupin, Tony" <Tony.Maupin () integris-health com> To: "'Brass, Phil (ISS Atlanta)'" <PBrass () iss net>; <webappsec () securityfocus com> Sent: Monday, April 14, 2003 9:55 AM Subject: RE: Client script access to server cert info
What you're looking for is called a "certificate parsing module". Do a search on that term and/or add open source to the search depending on what you're looking for. It will do everything you are asking and more. Tony Maupin -----Original Message----- From: Brass, Phil (ISS Atlanta) [mailto:PBrass () iss net] Sent: Sunday, April 13, 2003 11:21 PM To: webappsec () securityfocus com Subject: RE: Client script access to server cert info To clarify, what I'm looking for is a way for script on a page to access the server certificate information used during the SSL connection over which the page was provided. I.e. if Alice requests a page from bob.com, but the bob.com server returns a certificate that actually says mallory.com, and Alice presses "OK" when prompted about the discrepancy, it would be nice if there was a way to detect this using script that ran in the browser. I'm trying to find out if anybody knows of any browser/DOM/DHTML objects that contain a description (signing chain, CN, fingerprint, whatever) of the actual server certificate information presented during the SSL handshake. Phil-----Original Message----- From: Brass, Phil (ISS Atlanta) Sent: Sunday, April 13, 2003 11:51 PM To: webappsec () securityfocus com Subject: Client script access to server cert info Does anybody know if there is a way to access the server certificate information in client-side script in a web browser? Thanks! Phil
Current thread:
- Client script access to server cert info Brass, Phil (ISS Atlanta) (Apr 13)
- <Possible follow-ups>
- RE: Client script access to server cert info Brass, Phil (ISS Atlanta) (Apr 13)
- RE: Client script access to server cert info Dawes, Rogan (ZA - Johannesburg) (Apr 14)
- RE: Client script access to server cert info Maupin, Tony (Apr 14)
- Re: Client script access to server cert info Jon Pastore (Apr 16)
- RE: Client script access to server cert info Dawes, Rogan (ZA - Johannesburg) (Apr 16)
- Re: Client script access to server cert info n30 (Apr 16)
- RE: Client script access to server cert info Jimi Thompson (Apr 16)