Tags: ssl, firefox, firefox-addon, firefox-addon-webextensions, browser-addons

Getting certificate chain from rejected connections in Firefox


I am able to get the chains well if I use browser.webRequest.getSecurityInfo inside a browser.webRequest.onHeadersReceived listener during a regular https connection, but if the connection failed due to a security issue such as an expired certificate then onHeadersReceived never gets triggered.
If I accept the bad certificate then onHeadersReceived does get triggered, but the security info does not contain the bad certificate.

I tried looking at browser.webRequest.onErrorOccurred and browser.webRequest.onCompleted but had no luck in getting getSecurityInfo to work in those contexts.

I know the browser itself has this information because you can get it to display the certificate chain in the built-in viewer (which can display arbitrary certificates in the format of url_encode(base64_encode(DER_certificate))).

Does anyone know how I can get either nice certificate objects or at least the DER bytes (encoded or not, it doesn't matter)?


Solution

"If I accept the bad certificate then onHeadersReceived does get triggered, but the security info does not contain the bad certificate."

This is a bug in Firefox.

"I tried looking at browser.webRequest.onErrorOccurred and browser.webRequest.onCompleted but had no luck in getting getSecurityInfo to work in those contexts"

Like the documentation says: getSecurityInfo only works in onHeadersReceived. There are two related bugs, 1499592 and 1474657, to make getSecurityInfo work with other listeners as well.
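For reference, the case that does work (a completed handshake, inside a blocking onHeadersReceived listener) looks like the following. It is an added example, not code from the question or the answer, and it encodes each certificate's DER bytes in the url_encode(base64_encode(DER_certificate)) form the question mentions. The helper names `derToViewerParam`, `summarizeChain` and `onHeaders` are hypothetical, and the manifest permissions named in the comment are assumed.

```javascript
// Added example for a WebExtension background script (Firefox).
// Assumed manifest permissions: "webRequest", "webRequestBlocking", "<all_urls>".

// Encode DER bytes the way the question describes: url_encode(base64_encode(DER)).
function derToViewerParam(rawDER) {
  let binary = "";
  for (const byte of rawDER) {
    binary += String.fromCharCode(byte & 0xff);
  }
  return encodeURIComponent(btoa(binary));
}

// Reduce a SecurityInfo object to the fields worth logging per certificate.
function summarizeChain(securityInfo) {
  const certs = (securityInfo && securityInfo.certificates) || [];
  return {
    state: securityInfo ? securityInfo.state : "unknown",
    chain: certs.map((cert) => ({
      subject: cert.subject,
      issuer: cert.issuer,
      notAfter: cert.validity ? cert.validity.end : null,
      // rawDER is only present when getSecurityInfo was called with rawDER: true
      der: Array.isArray(cert.rawDER) ? derToViewerParam(cert.rawDER) : null,
    })),
  };
}

async function onHeaders(details) {
  try {
    const info = await browser.webRequest.getSecurityInfo(details.requestId, {
      certificateChain: true, // whole chain, not just the server certificate
      rawDER: true,           // include the DER bytes of each certificate
    });
    console.log(details.url, summarizeChain(info));
  } catch (err) {
    console.error("getSecurityInfo failed", err);
  }
  return {}; // empty BlockingResponse: do not modify the request
}

// Register only inside the extension; `browser` is undefined elsewhere.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onHeadersReceived.addListener(
    onHeaders,
    { urls: ["https://*/*"] },
    ["blocking"]
  );
}
```

Without "blocking" in the listener's extra info, the getSecurityInfo call is rejected, which is the failure the `catch` branch reports.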