Hi,
No idea whether JMeter validates the hostname. I thought not, as I have
some tests that access the server by IP address, and the server certificate
has a hostname.
A couple of ideas to try to narrow down the problem

- check jmeter.log
You should see some INFO entries from jmeter.util.SSLManager, see if your
keystore and aliases are loaded as expected.
- java keytool problems
I once could not get the keytool to work (it might have been an OpenJDK on
Linux issue, I did not get around to trying with Oracle JDK); I exported
certificate/key to a .p12 file instead and it worked.

Btw, for quicker troubleshooting, you can also pass all the SSL options
directly from the command line, as opposed to editing jmeter.properties,
i.e.
-Djavax.net.ssl.keyStoreType=PKCS12

Hope this helps
Ivan

On Fri, Oct 14, 2016 at 12:35 PM, Stuart Barlow <stuart.bar...@gmail.com>
wrote:

> Hi
>
> In test environments self-signed certificates are common and they're not
> always created in the right way. I'm trying to connect via HTTPS Request to
> a website that uses a self-signed cert where the hostname is not correctly
> set inside the cert. The CN field has a value like "test-web-cert" and that
> cert is also used by two different domains. It's deployed for both
> https://www.test1.thirdpartywebsite.com and
> https://www.test2.thirdpartywebsite.com
>
> I can access these websites from a browser and can view the certificate
> this way. The browser is more forgiving than JMeter. I tried exporting it
> from the browser and importing into the truststore used by JMeter (I set
> javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in
> system.properties) and also into the cacerts in my JRE lib/security folder.
> Both of these didn't work.
>
> I always see this in the Response Tab of a Results Tree:
>
> java.net.SocketTimeoutException: Read timed out
>         at java.net.SocketInputStream.socketRead0(Native Method)
>         at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
>         at java.net.SocketInputStream.read(SocketInputStream.java:170)
>         at java.net.SocketInputStream.read(SocketInputStream.java:141)
>         at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
>         at sun.security.ssl.InputRecord.read(InputRecord.java:503)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>         at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573)
>         at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:447)
>         at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.createLayeredSocket(LazySchemeSocketFactory.java:121)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:219)
>         at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:421)
>         at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.layerProtocol(MeasuringConnectionManager.java:152)
>         at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:815)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:616)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
>         at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>         at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
>         at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
>         at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
>         at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
>         at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
>         at java.lang.Thread.run(Thread.java:745)
>
> My theory at the moment is that the SSL handshake is dropped because of
> hostname validation. I'm trying to connect to
> https://www.test1.thirdpartywebsite.com but the certificate contains
> value test-web-cert. They don't match so the connection is dropped. I'm
> able to use curl with the -k option to retrieve the content if that's
> relevant.
>
> Can anyone tell me if there is a way in JMeter to disable hostname
> validation during SSL Handshake?
>
>
> Thanks,
>
> Stuart