Bug 63185

Summary: LDAP related elements: Add option to implicitly trust SSL/TLS connections/Disable hostname verification
Product: JMeter Reporter: Brian Wolfe <wolfebrian2120>
Component: MainAssignee: JMeter issues mailing list <issues>
Status: RESOLVED FIXED    
Severity: enhancement CC: p.mouawad
Priority: P2 Keywords: FixedInTrunk
Version: 3.2   
Target Milestone: JMETER_5.1.1   
Hardware: All   
OS: All   

Description Brian Wolfe 2019-02-17 20:54:57 UTC 
Hi,
I am looking for additional functionality regarding SSL connections. Specifically when doing LDAP load testing. Sometimes the servers I am working with have issues regarding their certificates or they are using custom certs and jmeter doesn't have the roots. In either case, it would be helpful to have an option to turn off hostname verification and cert path validity. In short have JMeter implicitly trust a connection to a server. The default behaviour should be that it does check those things, but we should have another checkbox next to the "Secure Connection?" that would ask us if we wanted to implicitly trust the connection. 

Pros:
* Allow for faster development of load testing scripts. 
* Remove the need to manage the SSL on remote jmeter-server instances
* Useful for HTTPS testing.

My specific case is with regards to testing LDAP using the extended ldap request sampler.

The best way I think this should be done would be to add a custom TrustManager instance and reference that when making any secure connections in jmeter if the option is turned on.

btw which ever version this is completed for does not matter for me. I am using 3.2 since that is the last one I downloaded. As far as I know the new versions do not have this feature either.
Comment 1 Brian Wolfe 2019-02-26 23:13:32 UTC 
I created pull request #443 with branch 63185. This pull request addresses the LDAP trust all feature for the Extended LDAP Request Sampler. It is currently awaiting review and a decision on when the feature can be merged for a release.
Comment 2 Philippe Mouawad 2019-03-01 10:04:51 UTC 
Author: pmouawad
Date: Fri Mar  1 10:03:02 2019
New Revision: 1854570

URL: http://svn.apache.org/viewvc?rev=1854570&view=rev
Log:
Bug 63185 - Add option to implicitly trust SSL/TLS connections/Disable hostname verification

Based on contribution by Brian Wolfe
Changes:

- Fixed existing NPE if log level is DEBUG if attr is null
- Fixed some SONAR warning
- Simplified code
- Modified TrustAllSocketFactory (renamed and fixed static attribute sf affectation from Constructor)


This closes #443
Bugzilla Id: 63185

Added:
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/TrustAllSocketFactory.java   (with props)
Modified:
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_es.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_pt_BR.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_tr.properties
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/config/gui/LdapExtConfigGui.java
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LDAPExtSampler.java
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/usermanual/build-ldapext-test-plan.xml
    jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 3 Philippe Mouawad 2019-03-01 10:08:01 UTC 
Thanks wolfebrian2120  for your contribution.
It is now merged but I made modifications. Can you checkout the currently building jenkins if it's successful:
https://builds.apache.org/job/JMeter-trunk/

Test and give us feedback.

Also, it would be better to make in GUI, Trust All only enabled if "Use Secure LDAP Protocol" is enabled as it is only used then.

Thanks