On 07/04/06, Sonam Chauhan <[EMAIL PROTECTED]> wrote: > Hello - > > Can JMeter 2.2.1's SSL engine be set to ignore expired SSL certs?
JMeter only uses the facilities provided by JSSE. Perhaps there is a property one can set? Might be worth checking the Sun Java web-site. If you do find anything (or anyone else knows) please let us know, and it can be added to the documentation. > When JMeter 2.2.1 makes SSL requests to a webserver with an expired SSL > certificates, all SSL connection attempts fail with a Java > CertificateExpiredException (see below). Having an unexpired SSL > certificate on the server fixes the problem. But, we use expired certs > on our internal test servers -- hence this question. > > The SSL provider in JMeter properties is set to the default (see below). > > Note: JMeter 1.9.1 showed different (and anomalous) behavior dealing > with the same expired certificates -- it gave out a misleading error and > only the first SSL connection would fail. See Bugzilla bug # 25505 I > filed in 2004: http://issues.apache.org/bugzilla/show_bug.cgi?id=25505 > > The error message in JMeter 2.2.1 is now accurate, and all HTTPS > connections (not just the first) fail consistently. So you may want to > close the 1.9.1 bug as WONTFIX? Thanks! > Sincerely, > Sonam Chauhan > -- > Corporate Express Australia Ltd. > Phone: +61-2-9335-0725, Email: [EMAIL PROTECTED] > > > FROM JMETER PROPERTIES > ======================== > #Classname of the ssl provider to be used (to enable testing of https > urls) > #And the package name where Stream Handlers can be found > #These provided defaults can be uncommented, and they will work if you > are using > #Sun's JSSE implementation. > > ssl.provider=com.sun.net.ssl.internal.ssl.Provider > #ssl.provider=iaik.security.jsse.provider.IAIKJSSEProvider > ssl.pkgs=com.sun.net.ssl.internal.www.protocol > > > > EXCEPTION MESSAGE > ================== > javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateExpiredException: NotAfter: Sat Nov 12 > 10:22:14 EST 2005 > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) > at > sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Da > shoA6275) > at > com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.co > nnect(DashoA6275) > at > org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.j > ava:424) > at > org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSampl > erBase.java:514) > at > org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSampl > erBase.java:503) > at > org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:247) > at java.lang.Thread.run(Thread.java:534) > Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat > Nov 12 10:22:14 EST 2005 > at > sun.security.x509.CertificateValidity.valid(CertificateValidity.java:268 > ) > at > sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:564) > at > sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.ja > va:123) > at sun.security.validator.Validator.validate(Validator.java:202) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Das > hoA6275) > at > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Das > hoA6275) > ... 14 more > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
