webRequest.getSecurityInfo.certificates: PEM format? (or at least include Extensions)

I’m developing an extension to display more information about the current TLS connection. Among the things I’d like to be able to increase display of is OCSP.

In particular, I’d like to be able to at least notify the user if the certificate claimed Must-Staple but it was not provided (among other facets of more genrally providing a more robust soft-fail).

However, nowhere on the MDN page for webRequest:CertificateInfo does it mention either “Extension” or “staple”. Therefore, I assume this level of access not to be provided.

Could webRequest.getSecurityInfo be upgraded to provide this access?

You should have looked more carefully. If you pass the key rawDER: true in the options parameter, you’ll get it.

Granted, it’s some effort to get from there to all the information you need, but it’s, at least, all there.