Can I see the TLS cert of a remote website in a worker

francis.turner · August 27, 2019, 5:16pm

I’m playing with workers to test connectivity to things. Using the fetch command I can get HTML (or JSON etc.) from a remote website. E.g. one of the examples has the worker getting https://workers-tooling.cf/demos/static/html

One of the things I want to do is view is the TLS certificate of the remote host in the connection that got that data.

In node.js I can do this by 'require’ing the tls library and then doing some tweaking of callbacks from getting the data, but you can’t require tls or other node fundamentals in this environment.

With Cloudflare workers I need to use the fetch command but the Cloudflare response object doesn’t seem to have the hooks to view the TLS certificate. In the request.cf object this stuff is present but that’s for the request to the worker as I understand it.

Am I missing/misunderstanding something in the documentation? or is this not possible?

Thanks in advance

Francis

sandro · June 5, 2019, 5:43am

Dont take my response as a definitive answer, as my experience with Fetch is somewhat shaky, but from everything a quick search revealed it really would seem as if there is no dedicated access to that information. You seem to be able to include a client certificate as part of the request (“credential” in Fetch’es lingo) but not access the server certificate.

https://fetch.spec.whatwg.org/#response-class

Only possibility I could imagine right now is that it is injected as meta data into the headers object. Have you checked there? But thats mere guessing.

Again, no definitive answer

francis.turner · August 27, 2019, 5:17pm

Thanks for trying to help

Looking at the definitions in the URL you posted headers is just the HTTP headers. I’m going to try and enumerate them on a real fetch to confirm

Edit did so.

Example result has no TLS stuff
cf-ray: 4e20708fcbffc538-ORD
content-length: 342content-type: text/html;
charset=UTF-8
date: Wed, 05 Jun 2019 07:30:10 GMT
expect-ct: max-age=604800, report-uri=“https://report-uri.Cloudflare.com/cdn-cgi/beacon/expect-ct”
server: Cloudflare
set-cookie: __cfduid=dfd9aa7666c9db243e606de662ee9acbd1559719810; expires=Thu, 04-Jun-20 07:30:10 GMT; path=/; domain=.workers-tooling.cf; HttpOnly

sandro · August 27, 2019, 5:19pm

@francis.turner, it would seem the certificate information is stored in the additional custom “cf” object of “request”.

Lotus · September 19, 2019, 12:38am

@sandro: The webpage hosted on the URL in your answer has been moved. So I take Requset (Documentation) as the reference. But it seems to have nothing to do with the question which asks for how to get TLS certificates data of a remote(third-party) website with fetch API instead of TLS metadata associated with requests sent to the Worker.
As is mentioned by @francis.turner: “In the request.cf object this stuff is present but that’s for the request to the worker as I understand it.”
So I think the thread is incorrectly marked as solved.