Hi

In test environments self-signed certificates are common and they're not always created in the right way. I'm trying to connect via HTTPS Request to a website that uses a self-signed cert where the hostname is not correctly set inside the cert. The CN field has a value like "test-web-cert" and that cert is also used by two different domains. It's deployed for both https://www.test1.thirdpartywebsite.com and https://www.test2.thirdpartywebsite.com


I can access these websites from a browser and can view the certificate this way. The browser is more forgiving than JMeter. I tried exporting it from the browser and importing into the truststore used by JMeter (I set javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in system.properties) and also into the cacerts in my JRE lib/security folder. Both of these didn't work.

I always see this in the Response Tab of a Results Tree:

java.net.SocketTimeoutException: Read timed out
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
        at java.net.SocketInputStream.read(SocketInputStream.java:170)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573)
        at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:447)
        at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.createLayeredSocket(LazySchemeSocketFactory.java:121)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:219)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:421)
        at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.layerProtocol(MeasuringConnectionManager.java:152)
        at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:815)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:616)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
        at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
        at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
        at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
        at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
        at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
        at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
        at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
        at java.lang.Thread.run(Thread.java:745)

My theory at the moment is that the SSL handshake is dropped because of hostname validation. I'm trying to connect to https://www.test1.thirdpartywebsite.com but the certificate contains the value test-web-cert. They don't match so the connection is dropped. I'm able to use curl with the -k option to retrieve the content if that's relevant.

Can anyone tell me if there is a way in JMeter to disable hostname validation during SSL Handshake?


Thanks,

Stuart
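
The hostname check discussed in the post, as an added example that is not part of the original message and is not JMeter or HttpClient code: an RFC 2818-style name match run against the certificate names described above and against a reissued certificate that lists both hostnames. It assumes the current certificate has no subjectAltName entries; the class name, helper names and the reissued SAN list are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

/** Added example: RFC 2818-style hostname matching on constructed certificate names. */
public class HostnameMatchDemo {

    /** True if one certificate name (exact, or wildcard in the leftmost label) covers the host. */
    static boolean nameMatches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        // "*.example.test" covers exactly one extra label: a.example.test, not a.b.example.test
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    /** SAN dNSName entries take precedence; the subject CN is consulted only when there are none. */
    static boolean certCoversHost(String commonName, List<String> dnsSans, String host) {
        if (!dnsSans.isEmpty()) {
            return dnsSans.stream().anyMatch(san -> nameMatches(san, host));
        }
        return commonName != null && nameMatches(commonName, host);
    }

    public static void main(String[] args) {
        List<String> hosts = Arrays.asList("www.test1.thirdpartywebsite.com",
                                           "www.test2.thirdpartywebsite.com");

        // Constructed: the certificate as described in the post (CN only; no SAN entries assumed).
        String cn = "test-web-cert";
        List<String> noSans = Collections.emptyList();

        // Constructed: a reissued self-signed certificate with both hostnames as SAN dNSName entries.
        List<String> bothSans = Arrays.asList("www.test1.thirdpartywebsite.com",
                                              "www.test2.thirdpartywebsite.com");

        for (String host : hosts) {
            System.out.printf("%-34s current cert: %-9s reissued cert: %s%n", host,
                    certCoversHost(cn, noSans, host) ? "match" : "MISMATCH",
                    certCoversHost(cn, bothSans, host) ? "match" : "MISMATCH");
        }
    }
}
```

Reissuing the test certificate with both hostnames in subjectAltName lets one certificate serve both sites while hostname verification stays enabled in the client.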
