Bug 60546 - Bypass ssl certificate
Summary: Bypass ssl certificate
Status: UNCONFIRMED
Alias: None
Product: JMeter
Classification: Unclassified
Component: HTTP (show other bugs)
Version: 3.0
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-03 15:50 UTC by maran88
Modified: 2017-01-05 12:23 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description maran88 2017-01-03 15:50:54 UTC
Hi!

I'm currently trying to test a web application and encountered a certificate error. 

According to the documentation all certificates should be accepted despite validity, but in my case the certificate is valid for https://www.example.com and I need to run tests for https://servername:port

In wget I get 

ERROR: cannot verify servernames's certificate, issued by `xx':
  Self-signed certificate encountered.
ERROR: certificate common name `example' doesn't match requested host name `servername'.
To connect to localhost insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

Which works when bypassing with the --no-check-certificate option.

In jmeter i get the following error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
	at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
	at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:619)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:379)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
	at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:465)
	at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:410)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:241)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 28 more
Comment 1 Felix Schumacher 2017-01-03 19:09:33 UTC

*** This bug has been marked as a duplicate of bug 56357 ***
Comment 2 maran88 2017-01-05 12:23:48 UTC
This issue cannot be solved by the given workaround in ticket 56357. The issue is a certificate name missmatch. I.e. localhost vs www.example.com and not an issue with certificate algorithm or size.