DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30741>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30741 JMeter does not prompt for cert passwords ------- Additional Comments From [EMAIL PROTECTED] 2004-09-23 22:59 ------- I am unsure whether the fix you propose is best. I cannot be sure from the peculiar logic of the existing 2.0.1 code for SSLManager.java exactly what behavior is desired. Do we want an internal default password, "password", if the user's input is null or zero-length? The _right_ thing to do should be governed by the failure mode which ultimately will occur if the password is wrong. As it stands, the user is never prompted for a password and presumably the internal default "password" is used. This seems to cause a null client certificate to be submitted to the server, leading to a silent failure (unless one sets "-Djavax.net.debug=ssl" in which case you get the rather unhelpful message "bad certificate"). One is left with little or no clues as to what is failing, unless he notices that the password prompt that should have occurred didn't. If leaving the password null (in the absence of valid user input) leads to an appropriate null-pointer exception, then that might be more helpful. I cannot imagine a situation where an internal default of "password" would be generally useful, except to avoid generating such a null-pointer exception. A more desireable scenario would be to somehow clue the user into the fact that the password for his keystore is not working (either he entered it wrong or not at all), and perhaps provide a means to correct the situation. I have not looked at the code to see where or how this might be accomplished. If such a feature is implemented, it will become entirely obvious what is best to do in initializing the "javax.net.ssl.keyStorePassword" property. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
