You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jmeter.apache.org by sebb <se...@gmail.com> on 2013/09/05 14:26:21 UTC

Proxy Server - choosing between user-provided keystore and auto-generated store

In order to implement Bug 55507 (SSL proxy & external embedded
resources) JMeter needs to create and manage its own keystore.

Now the Proxy Server has always supported a user-provided keystore, so
how should JMeter determine whether the user still wants to use their
own store?

The simplest might be to check If proxy.cert.file value is defined and
not the default.
If so, then either the user has renamed the JMeter keystore (seems
unlikely) or they have provided their own.

However, that would not cater for a user who merely replaced the
provided keystore and did not change any properties.

In which case the user would have to rename the file and define the property.
This is an incompatible change, but it seems unlikely that many users
will have created their own keystores, so I hope the impact will be
minimal.

An alternative would be to check whether the new proxy.cert.alias
property is defined.
This would avoid issues where the user has provided a keystore with
the same name but different location. Using the alias might be safer.

Thoughts?

Re: Proxy Server - choosing between user-provided keystore and auto-generated store

Posted by Milamber <mi...@apache.org>.

Le 05/09/2013 13:26, sebb a ecrit :
> In order to implement Bug 55507 (SSL proxy & external embedded
> resources) JMeter needs to create and manage its own keystore.
>
> Now the Proxy Server has always supported a user-provided keystore, so
> how should JMeter determine whether the user still wants to use their
> own store?
>
> The simplest might be to check If proxy.cert.file value is defined and
> not the default.
> If so, then either the user has renamed the JMeter keystore (seems
> unlikely) or they have provided their own.
>
> However, that would not cater for a user who merely replaced the
> provided keystore and did not change any properties.
>
> In which case the user would have to rename the file and define the property.
> This is an incompatible change, but it seems unlikely that many users
> will have created their own keystores, so I hope the impact will be
> minimal.
>
> An alternative would be to check whether the new proxy.cert.alias
> property is defined.
> This would avoid issues where the user has provided a keystore with
> the same name but different location. Using the alias might be safer.

Using the alias seems better, with some explanation in user's manual 
(and perhaps some info/warn messages in jmeter.log)


>
> Thoughts?
>