https://issues.apache.org/bugzilla/show_bug.cgi?id=53922

          Priority: P2
            Bug ID: 53922
          Assignee: [email protected]
           Summary: Using HTTPS with a Certificate not matching Host leads
                    to javax.net.ssl.SSLPeerUnverifiedException: peer not
                    authenticated
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: [email protected]
          Hardware: All
            Status: NEW
           Version: 2.6
         Component: HTTP
           Product: JMeter

See :
http://stackoverflow.com/questions/12538233/javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-when-load-testi

"So I have JMeter setup to test my SSL-enabled site (I've got a real
certificate from Geotrust, not a self-signed cert) and I've been running into
problems when I try testing an SSL connection directly from Tomcat. I get:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
    at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
    at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:277)
    at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)
    at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1060)
    at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1049)
    at
org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:442)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:271)
    at java.lang.Thread.run(Thread.java:680)
"
whenever I try to connect. This is using JMeter 2.7 with the HttpClient4
implementation. It is a simple GET request to one of my services hosted on
Tomcat 7 (7.0.27 for anyone interested).

Here is my Tomcat config for my SSL connector. Note that I have APR/native
installed and this is running on an Ubuntu 12.04 server up on EC2.

<Connector port="8443" maxHttpHeaderSize="8192"
           protocol="HTTP/1.1" 
           URIEncoding="UTF-8" 
           acceptorThreadCount="5"
           maxThreads="400" 
           scheme="https"
           secure="true"
           SSLEnabled="true"
          
SSLCipherSuite="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
           SSLHonorCipherOrder="true"
           SSLVerifyClient="optional"
           SSLCertificateFile="/etc/tomcat7/ssl/star.example.com.crt"
           SSLCertificateKeyFile="/etc/tomcat7/ssl/star.example.com.key"
           SSLCertificateChainFile="/etc/tomcat7/ssl/geotrust.crt" />

User has setup:
ec2-50-17-85-212.compute-1.amazonaws.com:8443/hello 
or ec2-50-17-85-212.compute-1.amazonaws.com:9090/hello 
which can be used for testing externally. The SSL certificate is valid, but it
won't match the hostname since I don't have a DNS name for it. Regardless, this
should help illustrate the issue. The URL is for a simple "Hello, world!" REST
service that can be accessed via a standard GET. –





After some investigation issue seems to come from HttpClient, so I opened:
https://issues.apache.org/jira/browse/HTTPCLIENT-1234

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to