Hello Felix, Did you see this: https://travis-ci.org/apache/jmeter/jobs/460932992
I am not sure it's related to this commit but looks like. Regards On Sat, Nov 24, 2018 at 4:40 PM <[email protected]> wrote: > Author: fschumacher > Date: Sat Nov 24 15:40:02 2018 > New Revision: 1847368 > > URL: http://svn.apache.org/viewvc?rev=1847368&view=rev > Log: > Use different cn and type of SAN extension when we are generating > certificates based on IP addresses. > > Bugzilla Id: 62940 > > Modified: > jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java > jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java > jmeter/trunk/xdocs/changes.xml > > Modified: > jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java > URL: > http://svn.apache.org/viewvc/jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java?rev=1847368&r1=1847367&r2=1847368&view=diff > > ============================================================================== > --- jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java > (original) > +++ jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java Sat > Nov 24 15:40:02 2018 > @@ -30,6 +30,7 @@ import java.util.List; > > import org.apache.commons.io.FileUtils; > import org.apache.commons.lang3.SystemUtils; > +import org.apache.commons.lang3.math.NumberUtils; > import org.slf4j.Logger; > import org.slf4j.LoggerFactory; > > @@ -281,8 +282,8 @@ public class KeyToolUtils { > > private static void generateSignedCert(File keystore, String password, > int validity, String alias, String subject) throws > IOException { > - String dname = "cn=" + subject + ", o=JMeter Proxy (TEMPORARY > TRUST ONLY)"; > - String ext = "san=dns:" + subject; > + String dname = "cn=" + guardSubjectName(subject) + ", o=JMeter > Proxy (TEMPORARY TRUST ONLY)"; > + String ext = "san=" + chooseExtension(subject); > KeyToolUtils.genkeypair(keystore, alias, password, validity, > dname, ext); > //rem generate cert for DOMAIN using CA and import it > > @@ -302,6 +303,34 @@ public class KeyToolUtils { > } > > /** > + * The subject name of an certificate must not start with a number or > else the keytool will bark. > + * To mitigate this prefix the argument with a word, if it starts > with a number. > + * > + * @param subject name of the host or an IP address > + * @return a string that is safe to use as subject name > + */ > + private static String guardSubjectName(String subject) { > + if (NumberUtils.isDigits(subject.substring(0,1))) { > + return "ip" + subject; > + } > + return subject; > + } > + > + /** > + * The SAN (subject alternative name) includes the IP address or > hostname of the service, but the types > + * are different for IP address and hostname. > + * > + * @param subject name of the host or its IP address > + * @return prefixed extension > + */ > + private static String chooseExtension(String subject) { > + if (NumberUtils.isDigits(subject.substring(0,1))) { > + return "ip:" + subject; > + } > + return "dns:" + subject; > + } > + > + /** > * List the contents of a keystore > * > * @param keystore > > Modified: > jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java > URL: > http://svn.apache.org/viewvc/jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java?rev=1847368&r1=1847367&r2=1847368&view=diff > > ============================================================================== > --- jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java > (original) > +++ jmeter/trunk/test/src/org/apache/jorphan/exec/TestKeyToolUtils.java > Sat Nov 24 15:40:02 2018 > @@ -24,14 +24,35 @@ package org.apache.jorphan.exec; > > import static org.junit.Assert.fail; > > +import java.io.File; > import java.io.IOException; > import java.util.ArrayList; > import java.util.List; > > +import org.apache.commons.lang3.RandomStringUtils; > +import org.junit.After; > +import org.junit.Before; > import org.junit.Test; > > public class TestKeyToolUtils { > > + private File keystore; > + private String password = RandomStringUtils.randomAlphabetic(32); > + private int validity = 1; > + > + @Before > + public void setup() throws IOException { > + keystore = File.createTempFile("dummy-keystore", "jks"); > + keystore.deleteOnExit(); > + KeyToolUtils.generateProxyCA(keystore, password , validity ); > + } > + > + @After > + public void cleanup() { > + if (keystore.exists()) { > + keystore.delete(); > + } > + } > > /* > * Check the assumption that a missing executable will generate > @@ -51,4 +72,15 @@ public class TestKeyToolUtils { > } catch (IOException expected) { > } > } > + > + @Test > + public void testIPBasedCert() throws Exception { > + KeyToolUtils.generateHostCert(keystore, password, "10.1.2.3", > validity); > + } > + > + @Test > + public void testDNSNameBasedCert() throws Exception { > + KeyToolUtils.generateHostCert(keystore, password, > "www.example.invalid", validity); > + } > + > } > > Modified: jmeter/trunk/xdocs/changes.xml > URL: > http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1847368&r1=1847367&r2=1847368&view=diff > > ============================================================================== > --- jmeter/trunk/xdocs/changes.xml [utf-8] (original) > +++ jmeter/trunk/xdocs/changes.xml [utf-8] Sat Nov 24 15:40:02 2018 > @@ -149,6 +149,7 @@ of previous time slot as a base. Startin > <li><bug>62785</bug><pr>400</pr>Incomplete search path applied to the > filenames used in the upload functionality of the HTTP sampler. Implemented > by Artem Fedorov (artem.fedorov at blazemeter.com) and contributed by > BlazeMeter.</li> > <li><bug>62842</bug>HTTP(S) Test Script Recorder: Brotli compression > is not supported leading to "<code>Content Encoding Error</code>"</li> > <li><bug>60424</bug>Hessian Burlap application: JMeter inserts > <code>0x0D</code> before <code>0x0A</code> automatically (http binary post > data)</li> > + <li><bug>62940</bug>Use different <code>cn</code> and type of SAN > extension when we are generating certificates based on IP addresses.</li> > </ul> > > <h3>Other Samplers</h3> > > > -- Cordialement. Philippe Mouawad.
