Bug 63185 - LDAP related elements: Add option to implicitly trust SSL/TLS connections/Disable hostname verification
Summary: LDAP related elements: Add option to implicitly trust SSL/TLS connections/Dis...
Status: RESOLVED FIXED
Alias: None
Product: JMeter
Classification: Unclassified
Component: Main (show other bugs)
Version: 3.2
Hardware: All All
: P2 enhancement (vote)
Target Milestone: JMETER_5.1.1
Assignee: JMeter issues mailing list
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2019-02-17 20:54 UTC by Brian Wolfe
Modified: 2019-03-02 20:09 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brian Wolfe 2019-02-17 20:54:57 UTC
Hi,
I am looking for additional functionality regarding SSL connections. Specifically when doing LDAP load testing. Sometimes the servers I am working with have issues regarding their certificates or they are using custom certs and jmeter doesn't have the roots. In either case, it would be helpful to have an option to turn off hostname verification and cert path validity. In short have JMeter implicitly trust a connection to a server. The default behaviour should be that it does check those things, but we should have another checkbox next to the "Secure Connection?" that would ask us if we wanted to implicitly trust the connection. 

Pros:
* Allow for faster development of load testing scripts. 
* Remove the need to manage the SSL on remote jmeter-server instances
* Useful for HTTPS testing.

My specific case is with regards to testing LDAP using the extended ldap request sampler.

The best way I think this should be done would be to add a custom TrustManager instance and reference that when making any secure connections in jmeter if the option is turned on.

btw which ever version this is completed for does not matter for me. I am using 3.2 since that is the last one I downloaded. As far as I know the new versions do not have this feature either.
Comment 1 Brian Wolfe 2019-02-26 23:13:32 UTC
I created pull request #443 with branch 63185. This pull request addresses the LDAP trust all feature for the Extended LDAP Request Sampler. It is currently awaiting review and a decision on when the feature can be merged for a release.
Comment 2 Philippe Mouawad 2019-03-01 10:04:51 UTC
Author: pmouawad
Date: Fri Mar  1 10:03:02 2019
New Revision: 1854570

URL: http://svn.apache.org/viewvc?rev=1854570&view=rev
Log:
Bug 63185 - Add option to implicitly trust SSL/TLS connections/Disable hostname verification

Based on contribution by Brian Wolfe
Changes:

- Fixed existing NPE if log level is DEBUG if attr is null
- Fixed some SONAR warning
- Simplified code
- Modified TrustAllSocketFactory (renamed and fixed static attribute sf affectation from Constructor)


This closes #443
Bugzilla Id: 63185

Added:
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/TrustAllSocketFactory.java   (with props)
Modified:
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_es.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_pt_BR.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_tr.properties
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/config/gui/LdapExtConfigGui.java
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LDAPExtSampler.java
    jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/usermanual/build-ldapext-test-plan.xml
    jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 3 Philippe Mouawad 2019-03-01 10:08:01 UTC
Thanks wolfebrian2120  for your contribution.
It is now merged but I made modifications. Can you checkout the currently building jenkins if it's successful:
https://builds.apache.org/job/JMeter-trunk/

Test and give us feedback.

Also, it would be better to make in GUI, Trust All only enabled if "Use Secure LDAP Protocol" is enabled as it is only used then.

Thanks