Bug 64253

Summary: MailReaderSampler with SSL authentication
Product: JMeter Reporter: Tobias <wolf.Tobias>
Component: MainAssignee: JMeter issues mailing list <issues>
Status: NEW ---    
Severity: critical    
Priority: P2    
Version: 5.2.1   
Target Milestone: JMETER_5.3.0   
Hardware: PC   
OS: All   

Description Tobias 2020-03-21 10:22:46 UTC
The issue is regarding MailReaderSampler with SSL authentication enabled on server side. In Wireshark I see a lot of handshake failed messages, because Jmeter is sending back a SSL "Certificate" message with a zero length certificate.

        <MailReaderSampler guiclass="MailReaderSamplerGui" testclass="MailReaderSampler" testname="POP3 Sampler Port 995 " enabled="true">
          <stringProp name="host_type">pop3s</stringProp>
          <stringProp name="folder">INBOX</stringProp>
          <stringProp name="host">xx.xx.xx.xx</stringProp>
          <stringProp name="port">995</stringProp>
          <stringProp name="username">praxis.dr.moritz.nullmayr${__threadNum}@tsi.komle.telematik-test</stringProp>
          <stringProp name="password">gematik123</stringProp>
          <stringProp name="num_messages">10</stringProp>
          <boolProp name="delete">false</boolProp>
          <stringProp name="SMTPSampler.useSSL">true</stringProp>
          <stringProp name="SMTPSampler.useStartTLS">false</stringProp>
          <stringProp name="SMTPSampler.trustAllCerts">true</stringProp>
          <stringProp name="SMTPSampler.enforceStartTLS">false</stringProp>
          <stringProp name="SMTPSampler.useLocalTrustStore">false</stringProp>
          <stringProp name="SMTPSampler.trustStoreToUse"></stringProp>
          <stringProp name="SMTPSampler.tlsProtocols"></stringProp>
Comment 1 akovtunenko 2020-04-05 13:16:04 UTC
I  set mail.pop3.ssl.enable=true in jmeter.properties and updated trustore seems working for me .   maybe have to add patch
Comment 2 akovtunenko 2020-04-23 16:05:09 UTC
could check if this fix works for you https://github.com/apache/jmeter/pull/583/files ?
Comment 3 akovtunenko 2020-04-23 16:06:12 UTC
could you check if fix https://github.com/apache/jmeter/pull/583 works for you?
Comment 4 akovtunenko 2020-04-23 16:06:41 UTC
could you check if fix https://github.com/apache/jmeter/pull/583 works for you?
Comment 5 Felix Schumacher 2021-01-02 20:11:16 UTC
I think one of the (possible more than one) problems is, that we load a trust-store without a password (LocalTrustStoreSSLSocketFactory). That way, the SSLContext will not have access to any client certs (their private parts) that might be located inside the JKS file.

As JKS is going to be replaced by PKCS12 (or at least advised to be replaced), another addition to supporting a password for the trust-store (and thus making it a trust+key-store) would be to support other formats beside JKS.