Hi
In test environments self-signed certificates are common and they're
not always created in the right way. I'm trying to connect via HTTPS
Request to a website that uses a self-signed cert where the hostname is
not correctly set inside the cert. The CN field has a value like
"test-web-cert" and that cert is also used by two different domains.
It's deployed for both https://www.test1.thirdpartywebsite.com and
https://www.test2.thirdpartywebsite.com
I can access these websites from a browser and can view the certificate
this way. The browser is more forgiving than JMeter. I tried exporting
it from the browser and importing into the truststore used by JMeter (I
set javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in
system.properties) and also into the cacerts in my JRE lib/security
folder. Both of these didn't work.
I always see this in the Response Tab of a Results Tree:
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:170)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at
org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573)
at
org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:447)
at
org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.createLayeredSocket(LazySchemeSocketFactory.java:121)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:219)
at
org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:421)
at
org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.layerProtocol(MeasuringConnectionManager.java:152)
at
org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:815)
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:616)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
at
org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
at
org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
at java.lang.Thread.run(Thread.java:745)
My theory at the moment is that the SSL handshake is dropped because of
hostname validation. I'm trying to connect to
https://www.test1.thirdpartywebsite.com but the certificate contains
value test-web-cert. They don't match so the connection is dropped. I'm
able to use curl with the -k option to retrieve the content if that's
relevant.
Can anyone tell me if there is a way in JMeter to disable hostname
validation during SSL Handshake?
Thanks,
Stuart
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
