Hi can you clarify what you mean. The JMeter Proxy is used for recording a script - as such the browser needs to be configured to send all requests to JMeter for it to record it - you typically dont want to exclude things here (if you did , you'd configure the browser to bypass the JMeter proxy for some hosts)
This is different from how JMeter/java itself needing a proxy to make its request successful (and Im guessing thats what you are referring to) http://jmeter.apache.org/usermanual/get-started.html#proxy_server see -N to ignore (not a 100% sure that this works with httpclient but you can test and see with different implementations) On Fri, Oct 28, 2016 at 3:35 AM, Stuart Barlow <stuart.bar...@gmail.com> wrote: > Hi Ivan, > > Thanks for your reply and the suggestions. I did give them all a try but > none worked. I eventually figured out what the problem is but might still > need some advice on how to handle it. > > There's an HTTP proxy in place in the intranet I work on and the website > I'm testing goes through the proxy for most things but for some pages (and > for some nested resources like images) there is a direct connection. > > In JMeter I don't see a way to tell it to ignore the proxy for particular > HTTP URL patterns. Does anyone know of a way to do this? Otherwise I'll > install my own local proxy instance and configure it to redirect the > requests as necessary. > > Stuart > > > On 14.10.2016 15:13, Ivan Rancati wrote: > >> hi, >> No idea whether JMeter validates the hostname. I thought not, as I have >> some tests that access the server by IP address, and the server >> certificate >> has a hostname. >> A couple of ideas to try to narrow down the problem >> >> - check jmeter.log >> You should see some INFO entries from jmeter.util.SSLManager, see if your >> keystore and aliases are loaded as expected. >> - java keytool problems >> I once could not get the keytool to work (it might have been a OpenJDK on >> Linux issue, I did not get around to try with Oracle JDK); I exported >> certificate/key to a .p12 file instead and it worked. >> >> Btw, for quicker troubleshooting, you can also pass all the SSL options >> directly from the command line, as opposite to editing jmeter.properties, >> i.e. >> -Djavax.net.ssl.keyStoreType=PKCS12 >> >> hope this helps >> Ivan >> >> On Fri, Oct 14, 2016 at 12:35 PM, Stuart Barlow <stuart.bar...@gmail.com> >> wrote: >> >> Hi >>> >>> In test environments self-signed certificates are common and they're not >>> always created in the right way. I'm trying to connect via HTTPS Request >>> to >>> a website that uses a self-signed cert where the hostname is not >>> correctly >>> set inside the cert. The CN field has a value like "test-web-cert" and >>> that >>> cert is also used by two different domains. It's deployed for both >>> https://www.test1.thirdpartywebsite.com and >>> https://www.test2.thirdpartywe >>> bsite.com >>> >>> I can access these websites from a browser and can view the certificate >>> this way. The browser is more forgiving than JMeter. I tried exporting it >>> from the browser and importing into the truststore used by JMeter (I set >>> javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in >>> system.properties) and also into the cacerts in my JRE lib/security >>> folder. >>> Both of these didn't work. >>> >>> I always see this in the Response Tab of a Results Tree: >>> >>> java.net.SocketTimeoutException: Read timed out >>> at java.net.SocketInputStream.socketRead0(Native Method) >>> at java.net.SocketInputStream.socketRead(SocketInputStream.java >>> :116) >>> at java.net.SocketInputStream.read(SocketInputStream.java:170) >>> at java.net.SocketInputStream.read(SocketInputStream.java:141) >>> at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) >>> at sun.security.ssl.InputRecord.read(InputRecord.java:503) >>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl. >>> java:973) >>> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo >>> cketImpl.java:1375) >>> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. >>> java:1403) >>> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. >>> java:1387) >>> at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke >>> t(SSLSocketFactory.java:573) >>> at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke >>> t(SSLSocketFactory.java:447) >>> at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFact >>> ory.createLayeredSocket(LazySchemeSocketFactory.java:121) >>> at org.apache.http.impl.conn.DefaultClientConnectionOperator. >>> updateSecureConnection(DefaultClientConnectionOperator.java:219) >>> at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerP >>> rotocol(ManagedClientConnectionImpl.java:421) >>> at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionM >>> anager$MeasuredConnection.layerProtocol(MeasuringConnectionM >>> anager.java:152) >>> at org.apache.http.impl.client.DefaultRequestDirector.establish >>> Route(DefaultRequestDirector.java:815) >>> at org.apache.http.impl.client.DefaultRequestDirector.tryConnec >>> t(DefaultRequestDirector.java:616) >>> at org.apache.http.impl.client.DefaultRequestDirector.execute(D >>> efaultRequestDirector.java:447) >>> at org.apache.http.impl.client.AbstractHttpClient.doExecute(Abs >>> tractHttpClient.java:884) >>> at org.apache.http.impl.client.CloseableHttpClient.execute(Clos >>> eableHttpClient.java:82) >>> at org.apache.http.impl.client.CloseableHttpClient.execute(Clos >>> eableHttpClient.java:55) >>> at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeR >>> equest(HTTPHC4Impl.java:619) >>> at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample( >>> HTTPHC4Impl.java:379) >>> at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sam >>> ple(HTTPSamplerProxy.java:74) >>> at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp >>> le(HTTPSamplerBase.java:1146) >>> at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp >>> le(HTTPSamplerBase.java:1135) >>> at org.apache.jmeter.threads.JMeterThread.executeSamplePackage( >>> JMeterThread.java:465) >>> at org.apache.jmeter.threads.JMeterThread.processSampler(JMeter >>> Thread.java:410) >>> at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java >>> :241) >>> at java.lang.Thread.run(Thread.java:745) >>> >>> My theory at the moment is that the SSL handshake is dropped because of >>> hostname validation. I'm trying to connect to >>> https://www.test1.thirdpartywebsite.com but the certificate contains >>> value test-web-cert. They don't match so the connection is dropped. I'm >>> able to use curl with the -k option to retrieve the content if that's >>> relevant. >>> >>> Can anyone tell me if there is a way in JMeter to disable hostname >>> validation during SSL Handshake? >>> >>> >>> Thanks, >>> >>> Stuart >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org >>> For additional commands, e-mail: user-h...@jmeter.apache.org >>> >>> >>> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org > For additional commands, e-mail: user-h...@jmeter.apache.org > >