Le 11/09/2013 19:25, sebb a ecrit :
On 11 September 2013 18:59, Milamber <[email protected]> wrote:
I've made some test on my system (Linux Debian + GNOME (with network-manager
to manage proxy settings) + Oracle Java 7)
(and some tests with java 6 (without dynamic keys)
Thanks!
Test page: https://libcloud.apache.org/getting-started.html
What domains/hosts did you preset?
Some tests with *.apache.org
Some tests with empty field (individual certs)
(and some tests with bad domains like *.*, *, *.co.ma, *.org, *.com :
don't works (invalid domains)), and JMeter create/use individual certs)
* Firefox (Iceweasel) : OK
SSL warning is display, after accept, https elements are recording.
If you load the certificate, there should be no need to accept?
Yes of course, after import the CA pubkey, no warning, but *all* https
url are loaded (google, twitter) despite that I've set up HTTP Domains
to *.apache.org?
The proxyserver.jks (name to change?) contains
Alias name: api.twitter.com
Alias name: *.apache.org
Alias name: ssl.google-analytics.com
Alias name: :root_ca:
Alias name: :intermediate_ca:
Normal?
(note, i've remove *.csr, *.usr, and proxyserver.jks before each test)
(and the files .csr and .usr are only create with Java 7 - perhaps need
a info line in jmeter.log?)
(but: 2 or 3 samples with
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:820)
at
com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
at
org.apache.jmeter.protocol.http.proxy.HttpRequestHdr.parse(HttpRequestHdr.java:117)
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:195)
in view Results Tree (under Proxy recorder)
I think that could be a timing issue.
I've sometimes seen this the first time a host is accessed.
It can take several seconds to create the certificate; this seems to
cause problems for some requests.
If you retry once the certificate has been created you may find it all works OK.
Yes all is ok after.
Milamber
* Chrome (proxy settings with network manager) : OK
SSL warning is display, after accept, https elements are recording.
Again, there should be no warning.
* Epiphany (Web browser include with GNOME) : OK
Without warning message, all HTTPS urls are loaded (with the temporary
certs) (apache.org, twitter, google elements)
==
In the special case when it's a java 6 runtime env and the HTTPS domains
field is disabled, we should perhaps add some tool tip text in label/field
to help the user to understand why the field is disable. (I will make this)
Good idea.
Milamber
Le 10/09/2013 01:52, sebb a ecrit :
Testing help still needed!
On 6 September 2013 23:09, sebb <[email protected]> wrote:
The Proxy server can now record embedded resources when used on Java 7.
It creates a CA and keystore as needed.
More work is needed:
- creating certs is fairly slow, so it would help if these were set up
before the test started.
This is now done in ProxyControl when the start button is pressed.
- the CA cert is not created until the first SSL request is received,
so the first browser request will fail. The certificate can then be
loaded and the recording restarted. This needs to be fixed
This has been fixed as above; pressing Start creates the CA if necessary.
The CA cert can now be installed before starting the recording.
- documentation
That still needs to be done, but it would help to know whether the
code works for others, not just on my system.
Initialising the keystore
---------------------------------
Ideally the CA cert needs to be created before the test starts, so it
can be loaded into the browser. However not all recordings use SSL, so
it seems wasteful to create the keystore if it won't then be used.
Also, creating additional host entries is quite slow, so it would be
useful to be able to specify these in advance.
One possible approach would be to add a new field to the GUI (Global
Settings has room) where the user could list the hosts/domains they
intend to test. [This would also signal that SSL proxying is required]
When the Proxy is started, it could then create the keys if necessary.
This would also create the certificate ready for the browser to load.
That has been implemented.
Note that Start can now take a minute or two the first time it is used.
Domains would be indicated by a leading "*." - e.g. *.apache.org.
It would be easy to match a host against a domain.
This would get round the issue that converting from host to domain is
tricky to do programmatically (there are lots of special cases).
Whereas the user presumably has a pretty good idea what domains they
are testing.
That has been implemented.
I hope to make a start on improving the code in a day or two; in the
meantime if there are any issues/suggestions please raise them here.
Feedback needed on the latest version.
Does it work OK for you?
What does not work well?
Are there any blockers (apart from docs) that mean it could not be
used for the next release of JMeter?
