There's DANE [1], which uses DNSSEC to authenticate TLS certificates. Chrome supports (or at least supported) something very similar but Chome-specific [2]. The code to support DANE in Chrome apparently exists but I don't know if it's actually available to use. [3]