Re: For the next release

Tue, 28 Aug 2012 12:24:11 -0700 


Le 28/08/2012 15:26, sebb a ecrit :

On 25 August 2012 15:22, Milamber<[email protected]>  wrote:

Hello,

For the next release, I propose:

a) Since JMeter 2.4 and the capabilities to record HTTPS request by JMeter
proxy, I propose to remove the options "Attempt HTTPS Spoofing" and "Only
spoof URLS matching" on the HTTP Proxy Server element.

OK.


b1) renew the JMeter self-certificat (current expire date is 2014-08-04, to
a long period (20 years)

Not so sure about that; it was deliberately chosen to expire so it
could not be forgotten.


Ok no changes




b2) Extract from the file proxyserver.jks the public (fake) key Apache
JMeter to a PEM format, in a file "proxyserver.pem".

OK


b3) Add some sentences in the proxy documentation to invite the user to add
this public key as  a trusted CA in their browser or OS's certificat manager
to permit the recording of a https session with JMeter proxy (and remove it
at the end of record).

I think that is a bad idea.
The fake key should never be added as trusted.
Far too easy for it to be accidentally left enabled.



In fact, even if we add the fake JMeter public key, in your trusted CA, 
we have a warning because they have a mismatching between the site name 
and common name of certificate.


Thus, the points b2 and b3 are no longer necessary.




(or Accept temporary the certificate from the browser)

OK.


c) Make HTTPClient 3.1 to the default HTTP Request (and Proxy generated
request)

Why not default to HC4 ?


To a progressive transition.

But I agree to make the HC4 the default (http request and cookie impl 
too). If everybody are ok?




HC3.1 is end-of-line and won't be developed further.



Perhaps, in 2-3 JMeter versions (for example the next major X.0 version, 
we can remove Java and HC3 impl (request/cookie), to focus on HC4)




If we don't feel we are ready to make HC4 the default, I think it
should be left unchanged.


If you are OK, I can make the changes for this points.

It would be easier to track these as separate Bugzilla issues.


I will put the tickets on bugzilla:
1) remove https spoofing and filter
2) change the default implementation to http request to HC4 (if ok)

Milamber




Thanks in advance for your feedback or your agree.

Milamber
























					Reply via email to