如果 SSL 证书有效,请检查 Javascript
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2618944/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Check in Javascript if a SSL Certificate is valid
提问by MB.
Is there a way to check in JavaScript if given a host it's SSL certificate is valid? (non blocking)
如果给定主机它的 SSL 证书有效,有没有办法检查 JavaScript?(非阻塞)
In my case I want to display: "you can also use https://.." if via JavaScript I can make a request to https://my_urlwithout being asked to accept an untrusted certificate.
就我而言,我想显示:“你也可以使用 https://..”,如果我可以通过 JavaScript 提出请求,https://my_url而不会被要求接受不受信任的证书。
Can this be done asynchronously?
这可以异步完成吗?
采纳答案by user207421
The question doesn't make sense. You can't get the server's SSL certificate without opening an SSL connection to it, and once you've done that, telling the user they can do that too is a bit pointless.
这个问题没有意义。如果不打开与服务器的 SSL 连接,就无法获得服务器的 SSL 证书,一旦完成,告诉用户他们也可以这样做就没有意义了。
回答by Tomasz Gandor
Take a look here: https://support.mozilla.org/pl/questions/923494
看看这里:https: //support.mozilla.org/pl/questions/923494
<img src="https://the_site/the_image" onerror="redirectToCertPage()">
However, this may be Mozilla-specific.
但是,这可能是 Mozilla 特定的。
Anyway, I would see if a solution along these lines would work:
无论如何,我会看看这些方面的解决方案是否可行:
<script> var sslCertTrusted = false; </script>
<script src="https://example.com/ssltest.js"></script>
<script>
if (!sslCertTrusted)
{
alert('Sorry, you need to install the certificate first.');
window.location('http://example.com/cert_install_instructions/');
}
else
{
// alert('Redirecting to secure connection')
window.location('https://example.com/');
}
<script>
You of course need to make your web server return this code under the URL https://example.com/ssltest.js:
您当然需要让您的 Web 服务器在 URL 下返回此代码https://example.com/ssltest.js:
sslCertTrusted = true;
I'm not exactly sure about the details. But I've seen similar technology used to detect adblocking etc. You may need to piggyback on the windowobject maybe, if the variable can't be modified by another script, but generally making the above proof of concept work is left as an exercise to the reader.
我不太确定细节。但我见过类似的技术用于检测广告拦截等。window如果变量不能被另一个脚本修改,你可能需要搭载在对象上,但通常将上述概念证明工作作为练习留给读者。
回答by Zrin
What I've found up to now - it is possible with Firefox, don't know yet about other browsers:
到目前为止我发现的 - Firefox 是可能的,尚不知道其他浏览器:
https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
回答by Joel
The straight answer is no. Javascript does not provide any means of validating certificates. This is a job left to the browser.
直接的答案是否定的。Javascript 不提供任何验证证书的方法。这是留给浏览器的工作。
A better approach to this problem is from the server side. If you are controlling the site, than you can render down a variable on the page with information gleaned on the server side.
解决此问题的更好方法是从服务器端。如果您正在控制站点,那么您可以在页面上呈现一个变量,并在服务器端收集信息。
In .Net something like
在 .Net 中类似
var canSecure = <%= MySiteHasSsl ? "true" : "false" %>;
if (canSecure) {
if (confirm("This site supports SSL encryption. Would you like to switch to a secure connection?")) {
location.href = "https://mysite.com";
}
}
回答by Boa
Useful notice: navigator.clipboardwill be undefinedon Chrome browsers if there's no valid SSL certificate.
有用的通知:如果没有有效的 SSL 证书,navigator.clipboard将undefined在 Chrome 浏览器上。
回答by dlongley
I'm not quite sure what your use case is. If you are just trying to "check ahead of time" before you provide a link to someone for another website then the other answers here will be more relevant than mine.
我不太确定你的用例是什么。如果您只是在为其他网站提供指向某人的链接之前尝试“提前检查”,那么这里的其他答案将比我的更相关。
If you are expecting mysite.com to use an SSL certificate that isn't trusted by default in the browser but you have another way of knowing it should be trusted, then you could use a JavaScript TLS implementation to make cross-domain requests to that other site. However, this requires that your website be served on https and trusted in the browser to begin with and the other site to provide a Flash cross-domain policy file.
如果您希望 mysite.com 使用浏览器中默认不受信任的 SSL 证书,但您有另一种方式知道它应该受信任,那么您可以使用 JavaScript TLS 实现向该证书发出跨域请求其他网站。但是,这要求您的网站首先在 https 上提供服务并在浏览器中受信任,并且其他站点提供 Flash 跨域策略文件。
If this sounds anything like what you want to do, check out the open source Forge project at github:
如果这听起来像您想要做的事情,请查看 github 上的开源 Forge 项目:
回答by Tel
You could run a server elsewhere that handles certificate checks based on whatever you want, then your javascript application sends a request to that server asking for a checkup. This does require that you have at least one server somewhere in the world that you can trust.
您可以在其他地方运行一个服务器,根据您的需要处理证书检查,然后您的 javascript 应用程序向该服务器发送请求,要求进行检查。这确实要求您在世界上的某个地方至少拥有一台您可以信任的服务器。
A query of this nature can be done in the background quite easily.
这种性质的查询可以在后台很容易地完成。
