Disable Hostname verification for LDAP samplers

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable Hostname verification for LDAP samplers

Brian Wolfe
Hi, I am trying to write some tests using the Extended LDAP request
sampler. When using SSL ports I typically get some exceptions regarding
certificates. Is there some way to configure JMeter to ignore these errors.
I find it really painful to have to deal with X hostname does not match a
subject alt name, or some cert path validation error. Or having to procure
CA certs and import them into the local store.
Often times we just want to get a load test up an running to test
performance. This really hinders development time for load tests.

FYI we are running jmeter in a distributed mode across multiple servers. We
are also running on Oracle Java 1.8.0_171. Apache Jmeter 3.2r1790748

--
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/
Reply | Threaded
Open this post in threaded view
|

Re: Disable Hostname verification for LDAP samplers

Felix Schumacher

Am 17.02.19 um 07:22 schrieb Brian Wolfe:
> Hi, I am trying to write some tests using the Extended LDAP request
> sampler. When using SSL ports I typically get some exceptions regarding
> certificates. Is there some way to configure JMeter to ignore these errors.
> I find it really painful to have to deal with X hostname does not match a
> subject alt name, or some cert path validation error. Or having to procure
> CA certs and import them into the local store.
> Often times we just want to get a load test up an running to test
> performance. This really hinders development time for load tests.

As far as I can see, this is not possible (yet) without modification of
JMeter.

You would have to add java.naming.ldap.factory.socket to the env
variable in the connect method of o.a.j.p.ldap.sampler.LdapExtClient
with the name of your own implementation of a
javax.net.ssl.SSLSocketFactory. That factory would have to ignore the
wrong host names.

Maybe you would like to open a feature request in our bug tracker or
even submit a patch.

> FYI we are running jmeter in a distributed mode across multiple servers. We
> are also running on Oracle Java 1.8.0_171. Apache Jmeter 3.2r1790748
What are your reasons for staying on version 3.2?

Regards,

  Felix


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Disable Hostname verification for LDAP samplers

Brian Wolfe
Hi Felix, thanks for your response. I have submitted an enhancement request
63185 <https://bz.apache.org/bugzilla/show_bug.cgi?id=63185>. I will take a
stab at adding the functionality I requested, but you guys probably have a
better understanding on how to do it and add the gui stuff.

As of right now I have no requirements to stay on 3.2. Its just what I had
lying around when I was building the test.

On Sun, Feb 17, 2019 at 4:23 AM Felix Schumacher <
[hidden email]> wrote:

>
> Am 17.02.19 um 07:22 schrieb Brian Wolfe:
> > Hi, I am trying to write some tests using the Extended LDAP request
> > sampler. When using SSL ports I typically get some exceptions regarding
> > certificates. Is there some way to configure JMeter to ignore these
> errors.
> > I find it really painful to have to deal with X hostname does not match a
> > subject alt name, or some cert path validation error. Or having to
> procure
> > CA certs and import them into the local store.
> > Often times we just want to get a load test up an running to test
> > performance. This really hinders development time for load tests.
>
> As far as I can see, this is not possible (yet) without modification of
> JMeter.
>
> You would have to add java.naming.ldap.factory.socket to the env
> variable in the connect method of o.a.j.p.ldap.sampler.LdapExtClient
> with the name of your own implementation of a
> javax.net.ssl.SSLSocketFactory. That factory would have to ignore the
> wrong host names.
>
> Maybe you would like to open a feature request in our bug tracker or
> even submit a patch.
>
> > FYI we are running jmeter in a distributed mode across multiple servers.
> We
> > are also running on Oracle Java 1.8.0_171. Apache Jmeter 3.2r1790748
> What are your reasons for staying on version 3.2?
>
> Regards,
>
>   Felix
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

--
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/