|Summary:||Proxy SSL recording does not handle external embedded resources well|
|Component:||HTTP||Assignee:||JMeter issues mailing list <issues>|
Description Sebb 2013-08-29 21:42:23 UTC
When recording SSL via the proxy, the browser prompts the user to accept the certificate for any pages directly requested by the user. From then on any requests to the same host will proceed without intervention. However many web pages include embedded resources that are on different hosts - for example images are often served by different hosts. Browsers don't generally prompt the user when downloading such resources; the resource is silently ignored by the browser. It would be good if a workround could be found for this. For example, perhaps generate a page of links that the user could click in order to add the certificate exemptions.
Comment 1 Sebb 2013-09-03 02:02:34 UTC
It looks like there is a better solution: Create a self-signed CA cert. For each CONNECT seen by the JMeter Proxy, create a SSL certificate for the appropriate domain which is signed by the CA cert. A browser that trusts the CA cert will then accept the SSL certificates with no further intervention. The proxy only needs to create certs for each domain - e.g. *.apache.org will work for jmeter.apache.org and www.apache.org. These can be stored in the same JKS file. There is a description of the process here: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html "Generating Certificates for a Typical SSL Server" Unfortunately this requires Java 7, but given that this would only be needed for HTTPS recording, it seems worth adding (with fallback to the current system if Java 7 is not available). The generated test plan would still be usable on Java 6, so at worst it might be necessary to do the recording on a separate host which has Java 7.
Comment 2 Sebb 2013-09-04 00:54:23 UTC
URL: http://svn.apache.org/r1519890 Log: Proxy SSL recording does not handle external embedded resources well Part 1: Add methods to create the necessary certificate and keystore Bugzilla Id: 55507 Modified: jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java Still need to integrate the code into the Proxy server.
Comment 3 Sebb 2013-09-06 00:31:29 UTC
URL: http://svn.apache.org/r1520459 Log: Proxy SSL recording does not handle external embedded resources well Add method to create a host certificate (no wildcard) Bugzilla Id: 55507 Modified: jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
Comment 4 Sebb 2013-09-06 21:41:46 UTC
Making progress: URL: http://svn.apache.org/r1520704 Log: Proxy SSL recording does not handle external embedded resources well Add generation of keystores and aliases Bugzilla Id: 55507 Modified: jmeter/trunk/bin/jmeter.properties jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
Comment 5 Sebb 2013-09-10 00:08:54 UTC
URL: http://svn.apache.org/r1521320 Log: Proxy SSL recording does not handle external embedded resources well Reworked; setup is now done by ProxyControl on pressing Start TODO: better notification of progress of keystore init Bugzilla Id: 55507 Modified: jmeter/trunk/bin/jmeter.properties jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/ProxyControl.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/gui/ProxyControlGui.java
Comment 6 Sebb 2013-09-10 14:15:38 UTC
URL: http://svn.apache.org/r1521493 Log: Proxy SSL recording does not handle external embedded resources well Opera needs Root CA and a certificate chain Add export of certificate with .usr extension (Opera) Bugzilla Id: 55507 Modified: jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/ProxyControl.java
Comment 7 Milamber 2013-09-11 18:15:38 UTC
URL: http://svn.apache.org/r1521970 Log: Proxy SSL recording does not handle external embedded resources well Add text tool tip on HTTPS Domains field to indicate the Java 7 runtime requirement to use this behavior and some help text on the usage and comma separator when the field is enabled. Bugzilla Id: 55507 Modified: jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/gui/ProxyControlGui.java
Comment 8 Sebb 2013-09-21 13:37:41 UTC
URL: http://svn.apache.org/r1525234 Log: Proxy SSL recording does not handle external embedded resources well Clarify certificate names Display details of local certificate that user can check against Bugzilla Id: 55507 Modified: jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java jmeter/trunk/src/jorphan/org/apache/jorphan/util/JOrphanUtils.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/ProxyControl.java jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/gui/ProxyControlGui.java
Comment 9 Sebb 2013-10-05 12:04:45 UTC
URL: http://svn.apache.org/r1529439 Log: Proxy SSL recording does not handle external embedded resources well Update documentation Bugzilla Id: 55507 Modified: jmeter/trunk/docs/images/screenshots/proxy_control.png jmeter/trunk/xdocs/changes.xml jmeter/trunk/xdocs/images/screenshots/proxy_control.png jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 10 Philippe Mouawad 2013-11-23 14:36:23 UTC
Closing as this one is fixed