jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stuart Barlow <stuart.bar...@gmail.com>
Subject HttpClient SSL Handshake and self-signed certificate
Date Fri, 14 Oct 2016 10:35:45 GMT
Hi

In test environments self-signed certificates are common and they're 
not always created in the right way. I'm trying to connect via HTTPS 
Request to a website that uses a self-signed cert where the hostname is 
not correctly set inside the cert. The CN field has a value like 
"test-web-cert" and that cert is also used by two different domains. 
It's deployed for both https://www.test1.thirdpartywebsite.com and 
https://www.test2.thirdpartywebsite.com

I can access these websites from a browser and can view the certificate 
this way. The browser is more forgiving than JMeter. I tried exporting 
it from the browser and importing into the truststore used by JMeter (I 
set javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in 
system.properties) and also into the cacerts in my JRE lib/security 
folder. Both of these didn't work.

I always see this in the Response Tab of a Results Tree:

java.net.SocketTimeoutException: Read timed out
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
	at java.net.SocketInputStream.read(SocketInputStream.java:170)
	at java.net.SocketInputStream.read(SocketInputStream.java:141)
	at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
	at sun.security.ssl.InputRecord.read(InputRecord.java:503)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
	at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at 
org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573)
	at 
org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:447)
	at 
org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.createLayeredSocket(LazySchemeSocketFactory.java:121)
	at 
org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:219)
	at 
org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:421)
	at 
org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.layerProtocol(MeasuringConnectionManager.java:152)
	at 
org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:815)
	at 
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:616)
	at 
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
	at 
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
	at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at 
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
	at 
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
	at 
org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
	at 
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
	at 
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
	at 
org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
	at 
org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
	at java.lang.Thread.run(Thread.java:745)

My theory at the moment is that the SSL handshake is dropped because of 
hostname validation. I'm trying to connect to 
https://www.test1.thirdpartywebsite.com but the certificate contains 
value test-web-cert. They don't match so the connection is dropped. I'm 
able to use curl with the -k option to retrieve the content if that's 
relevant.

Can anyone tell me if there is a way in JMeter to disable hostname 
validation during SSL Handshake?


Thanks,

Stuart

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org


Mime
View raw message