DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39279>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39279 Summary: Can JMeter ignore SSL certificate expiry? Product: JMeter Version: 2.2.1 Platform: All OS/Version: other Status: NEW Severity: normal Priority: P3 Component: HTTP AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Can JMeter have the option to ignore expired SSL certs when making HTTPS connections? When JMeter 2.2.1 makes SSL requests to a webserver with an expired SSL certificates, all SSL connection attempts fail with a Java CertificateExpiredException (see exception below). Having an unexpired SSL certificate on the server fixes the problem. However, many internal test servers use expired certs -- hence an option to ignore certificate expiry would be valuable. JMeter 1.9.1 showed different (and anomalous) behavior dealing with the same expired certificates -- it gave out the misleading error "HTTPS hostname wrong: should be <localhost>" error, and only the first SSL connection would fail. See Bugzilla bug # 25505. The error message in JMeter 2.2.1 is now accurate, and all HTTPS connections (not just the first) failing consistently with the exception below. As JMeter uses JSSE, I had a look at the Sun site, especially at this "Default Policy Implementation and Policy File Syntax" document -- no clues there: http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html EXCEPTION MESSAGE ================== javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Nov 12 10:22:14 EST 2005 at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Da shoA6275) at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.co nnect(DashoA6275) at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.j ava:424) at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSampl erBase.java:514) at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSampl erBase.java:503) at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:247) at java.lang.Thread.run(Thread.java:534) Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Nov 12 10:22:14 EST 2005 at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:268 ) at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:564) at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.ja va:123) at sun.security.validator.Validator.validate(Validator.java:202) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Das hoA6275) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Das hoA6275) ... 14 more -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
