You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@jmeter.apache.org by bu...@apache.org on 2017/01/03 15:50:54 UTC

[Bug 60546] New: Bypass ssl certificate

https://bz.apache.org/bugzilla/show_bug.cgi?id=60546

            Bug ID: 60546
           Summary: Bypass ssl certificate
           Product: JMeter
           Version: 3.0
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTTP
          Assignee: issues@jmeter.apache.org
          Reporter: maran88@gmail.com
  Target Milestone: ---

Hi!

I'm currently trying to test a web application and encountered a certificate
error. 

According to the documentation all certificates should be accepted despite
validity, but in my case the certificate is valid for https://www.example.com
and I need to run tests for https://servername:port

In wget I get 

ERROR: cannot verify servernames's certificate, issued by `xx':
  Self-signed certificate encountered.
ERROR: certificate common name `example' doesn't match requested host name
`servername'.
To connect to localhost insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

Which works when bypassing with the --no-check-certificate option.

In jmeter i get the following error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
        at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
        at
org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
        at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
        at
org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
        at
org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
        at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
        at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
        at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
        at
org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
        at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
        at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
        at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
        at
org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
        at
org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
        at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not
conform to algorithm constraints
        at
sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown
Source)
        at
sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown
Source)
        at
sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
        ... 28 more

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 60546] Bypass ssl certificate

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60546

maran88@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|1                           |0
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|DUPLICATE                   |---

--- Comment #2 from maran88@gmail.com ---
This issue cannot be solved by the given workaround in ticket 56357. The issue
is a certificate name missmatch. I.e. localhost vs www.example.com and not an
issue with certificate algorithm or size.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 60546] Bypass ssl certificate

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60546

Felix Schumacher <fe...@internetallee.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|NEW                         |RESOLVED
                 OS|                            |All

--- Comment #1 from Felix Schumacher <fe...@internetallee.de> ---


*** This bug has been marked as a duplicate of bug 56357 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 60546] Bypass ssl certificate

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60546

juniorolalde55@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 60546] Bypass ssl certificate

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60546

Felix Schumacher <fe...@internetallee.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #3 from Felix Schumacher <fe...@internetallee.de> ---
The stacktrace shown is the same as in the linked duplicate, so I believe that
you originally had two problems.

If the server has a different name in the certificate than the name, you are
using for lookup, you can try to use a DNS config element in newer JMeter
versions.

As this is a rather old issue, I tend to close it, if no one is arguing against
it.

-- 
You are receiving this mail because:
You are the assignee for the bug.