jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepak Shetty <shet...@gmail.com>
Subject Re: HttpClient SSL Handshake and self-signed certificate
Date Fri, 28 Oct 2016 18:26:56 GMT
Hi
can you clarify what you mean.
The JMeter Proxy is used for recording a script - as such the browser needs
to be configured to send all requests to JMeter for it to record it - you
typically dont want to exclude things here (if you did , you'd configure
the browser to bypass the JMeter proxy for some hosts)

This is different from how JMeter/java itself needing a proxy to make its
request successful (and Im guessing thats what you are referring to)
http://jmeter.apache.org/usermanual/get-started.html#proxy_server see -N to
ignore (not a 100% sure that this works with httpclient but you can test
and see with different implementations)


On Fri, Oct 28, 2016 at 3:35 AM, Stuart Barlow <stuart.barlow@gmail.com>
wrote:

> Hi Ivan,
>
> Thanks for your reply and the suggestions. I did give them all a try but
> none worked. I eventually figured out what the problem is but might still
> need some advice on how to handle it.
>
> There's an HTTP proxy in place in the intranet I work on and the website
> I'm testing goes through the proxy for most things but for some pages (and
> for some nested resources like images) there is a direct connection.
>
> In JMeter I don't see a way to tell it to ignore the proxy for particular
> HTTP URL patterns. Does anyone know of a way to do this? Otherwise I'll
> install my own local proxy instance and configure it to redirect the
> requests as necessary.
>
> Stuart
>
>
> On 14.10.2016 15:13, Ivan Rancati wrote:
>
>> hi,
>> No idea whether JMeter validates the hostname. I thought not, as I have
>> some tests that access the server by IP address, and the server
>> certificate
>> has a hostname.
>> A couple of ideas to try to narrow down the problem
>>
>> - check jmeter.log
>> You should see some INFO entries from jmeter.util.SSLManager, see if your
>> keystore and aliases are loaded as expected.
>> - java keytool problems
>> I once could not get the keytool to work (it might have been a OpenJDK on
>> Linux issue, I did not get around to try with Oracle JDK); I exported
>> certificate/key to a .p12 file instead and it worked.
>>
>> Btw, for quicker troubleshooting, you can also pass all the SSL options
>> directly from the command line, as opposite to editing jmeter.properties,
>> i.e.
>> -Djavax.net.ssl.keyStoreType=PKCS12
>>
>> hope this helps
>> Ivan
>>
>> On Fri, Oct 14, 2016 at 12:35 PM, Stuart Barlow <stuart.barlow@gmail.com>
>> wrote:
>>
>> Hi
>>>
>>> In test environments self-signed certificates are common and they're not
>>> always created in the right way. I'm trying to connect via HTTPS Request
>>> to
>>> a website that uses a self-signed cert where the hostname is not
>>> correctly
>>> set inside the cert. The CN field has a value like "test-web-cert" and
>>> that
>>> cert is also used by two different domains. It's deployed for both
>>> https://www.test1.thirdpartywebsite.com and
>>> https://www.test2.thirdpartywe
>>> bsite.com
>>>
>>> I can access these websites from a browser and can view the certificate
>>> this way. The browser is more forgiving than JMeter. I tried exporting it
>>> from the browser and importing into the truststore used by JMeter (I set
>>> javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in
>>> system.properties) and also into the cacerts in my JRE lib/security
>>> folder.
>>> Both of these didn't work.
>>>
>>> I always see this in the Response Tab of a Results Tree:
>>>
>>> java.net.SocketTimeoutException: Read timed out
>>>         at java.net.SocketInputStream.socketRead0(Native Method)
>>>         at java.net.SocketInputStream.socketRead(SocketInputStream.java
>>> :116)
>>>         at java.net.SocketInputStream.read(SocketInputStream.java:170)
>>>         at java.net.SocketInputStream.read(SocketInputStream.java:141)
>>>         at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
>>>         at sun.security.ssl.InputRecord.read(InputRecord.java:503)
>>>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.
>>> java:973)
>>>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
>>> cketImpl.java:1375)
>>>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
>>> java:1403)
>>>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
>>> java:1387)
>>>         at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke
>>> t(SSLSocketFactory.java:573)
>>>         at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke
>>> t(SSLSocketFactory.java:447)
>>>         at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFact
>>> ory.createLayeredSocket(LazySchemeSocketFactory.java:121)
>>>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.
>>> updateSecureConnection(DefaultClientConnectionOperator.java:219)
>>>         at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerP
>>> rotocol(ManagedClientConnectionImpl.java:421)
>>>         at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionM
>>> anager$MeasuredConnection.layerProtocol(MeasuringConnectionM
>>> anager.java:152)
>>>         at org.apache.http.impl.client.DefaultRequestDirector.establish
>>> Route(DefaultRequestDirector.java:815)
>>>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnec
>>> t(DefaultRequestDirector.java:616)
>>>         at org.apache.http.impl.client.DefaultRequestDirector.execute(D
>>> efaultRequestDirector.java:447)
>>>         at org.apache.http.impl.client.AbstractHttpClient.doExecute(Abs
>>> tractHttpClient.java:884)
>>>         at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
>>> eableHttpClient.java:82)
>>>         at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
>>> eableHttpClient.java:55)
>>>         at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeR
>>> equest(HTTPHC4Impl.java:619)
>>>         at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(
>>> HTTPHC4Impl.java:379)
>>>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sam
>>> ple(HTTPSamplerProxy.java:74)
>>>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp
>>> le(HTTPSamplerBase.java:1146)
>>>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp
>>> le(HTTPSamplerBase.java:1135)
>>>         at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(
>>> JMeterThread.java:465)
>>>         at org.apache.jmeter.threads.JMeterThread.processSampler(JMeter
>>> Thread.java:410)
>>>         at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java
>>> :241)
>>>         at java.lang.Thread.run(Thread.java:745)
>>>
>>> My theory at the moment is that the SSL handshake is dropped because of
>>> hostname validation. I'm trying to connect to
>>> https://www.test1.thirdpartywebsite.com but the certificate contains
>>> value test-web-cert. They don't match so the connection is dropped. I'm
>>> able to use curl with the -k option to retrieve the content if that's
>>> relevant.
>>>
>>> Can anyone tell me if there is a way in JMeter to disable hostname
>>> validation during SSL Handshake?
>>>
>>>
>>> Thanks,
>>>
>>> Stuart
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message