60546 – Bypass ssl certificate

Bug 60546 - Bypass ssl certificate

Summary: Bypass ssl certificate

Status:	NEEDINFO

Alias:	None

Product:	JMeter - Now in Github
Classification:	Unclassified
Component:	HTTP (show other bugs)
Version:	3.0
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	JMeter issues mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-01-03 15:50 UTC by maran88
Modified:	2021-03-30 14:15 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description maran88 2017-01-03 15:50:54 UTC

Hi!

I'm currently trying to test a web application and encountered a certificate error. 

According to the documentation all certificates should be accepted despite validity, but in my case the certificate is valid for https://www.example.com and I need to run tests for https://servername:port

In wget I get 

ERROR: cannot verify servernames's certificate, issued by `xx':
  Self-signed certificate encountered.
ERROR: certificate common name `example' doesn't match requested host name `servername'.
To connect to localhost insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

Which works when bypassing with the --no-check-certificate option.

In jmeter i get the following error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
	at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
	at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
	at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
	at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 28 more

Comment 1 Felix Schumacher 2017-01-03 19:09:33 UTC


*** This bug has been marked as a duplicate of bug 56357 ***

Comment 2 maran88 2017-01-05 12:23:48 UTC

This issue cannot be solved by the given workaround in ticket 56357. The issue is a certificate name missmatch. I.e. localhost vs www.example.com and not an issue with certificate algorithm or size.

Comment 3 Felix Schumacher 2021-03-30 14:15:45 UTC

The stacktrace shown is the same as in the linked duplicate, so I believe that you originally had two problems.

If the server has a different name in the certificate than the name, you are using for lookup, you can try to use a DNS config element in newer JMeter versions.

As this is a rather old issue, I tend to close it, if no one is arguing against it.

Comment 4 The ASF infrastructure team 2022-09-24 20:38:06 UTC

This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4215