CERTIFICATE_VERIFY_FAILED issue while running bzt with -report

[Dina]

Scenario:

A test is being executed behind a corporate proxy which manipulates the SSL certs of HTTPs requests. i.e. the proxy injects its own root CA certs and intermediate certs for https requests, say, to https://a.blazemeter.com for reporting, the connection will be made but certificate will be replaced with my companies ca certs.

The script runs just fine because underlying jmeter script just works fine. Issue is when python tries connect to blazemeter.com to push the results (or for initial 'hello'). It throws the error because python doesn't trust CA ssl supplied by my proxy. This same error was also observed for pip, python package manager tool. Luckily it has an option to trust certain certificates, example: pip install <package> --cert <cert.pem>

Do we have something like --cert option for bzt?

Following error is what I encountered:

(venv-taurus) C:\Users\dinanathbasumatary\git\scripts\tests>

(venv-taurus) C:\Users\dinanathbasumatary\git\scripts\tests>bzt Test.yml -report

15:39:28 INFO: Taurus CLI Tool v1.11.0

15:39:28 INFO: Starting with configs: ['Test.yml']

15:39:28 INFO: Configuring...

15:39:28 INFO: Artifacts dir: C:\Users\dinanathbasumatary\git\scripts\tests\2018-05-30_15-39-28

.970400

15:39:29 INFO: Preparing...

15:39:32 WARNING: Thread group detection: plugin for ConcurrentThreadGroup not found, regular Thread

Group will be used

15:39:33 WARNING: Failed to detect plugins for C:\Users\dinanathbasumatary\git\scripts\scripts\

jmeter-scripts\modified_test.jmx: [WinError 2] The system cannot f

ind the file specified

15:39:35 ERROR: SSLError: HTTPSConnectionPool(host='a.blazemeter.com', port=443): Max retries exceed

ed with url: /api/v4/web/version (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] c

ertificate verify failed (_ssl.c:833)'),))

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\bzt\cli.py", line 249, in perf

orm

    self.engine.prepare()

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\bzt\engine.py", line 167, in p

repare

    self.__prepare_reporters()

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\bzt\engine.py", line 533, in _

_prepare_reporters

    module.prepare()

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\bzt\modules\blazemeter.py", li

ne 253, in prepare

    self._user.ping()  # to check connectivity and auth

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\bzt\bza.py", line 149, in ping

    self._request(self.address + '/api/v4/web/version')

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\bzt\bza.py", line 87, in _requ

est

    response = self.http_request(method=log_method, url=url, data=data, headers=headers, timeout=sel

f.timeout)

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\requests\sessions.py", line 50

8, in request

    resp = self.send(prep, **send_kwargs)

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\requests\sessions.py", line 61

8, in send

    r = adapter.send(request, **kwargs)

  File "c:\users\dinanathbasumatary\git\venv-taurus\lib\site-packages\requests\adapters.py", line 50

6, in send

    raise SSLError(e, request=request)

Any suggestion?

[Dina]

I reached out to blazemeter support team. Turns out Taurus officially doesn't support custom certs. I might look into the code and see if I can customize it to add a command line argument where certs to be trusted can be passed (like in pip)

[Dmitri Pribysh]

Hi,

I've added experimental support for client-side SSL certificates to Taurus in https://github.com/Blazemeter/taurus/pull/856

Can you give it a try? You can install it with

pip install git+https://github.com/Blazemeter/taurus.git@feat/ssl-cert

And then run bzt with the following command-line option: `-o settings.ssl-cert=cert.pem`

Please, give it a try and post the results here.

  Dimitri

--
You received this message because you are subscribed to the Google Groups "codename-taurus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to codename-taur...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/codename-taurus/7627d497-c327-47da-b626-7b3167ffaa6f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Dina]

Hi Dimitri,

Sorry for the late reply. I have done following but I am still getting an error.

1. Installed blazemeter from your branch.
2. Run blazemeter with from my test environment by providing ssl certificate. 

Error log (stripped out any sensitive info):

(taurus2) C:\Users\dinanathbasumatary\git\test-scripts\tests>bzt TEST.yml -report -o settings.ssl-cert=c:\temp\bundle.pem
10:26:35 INFO: Taurus CLI Tool v1.11.1
10:26:35 INFO: Starting with configs: ['TEST.yml']
10:26:35 INFO: Configuring...
10:26:36 INFO: Artifacts dir: C:\Users\dinanathbasumatary\git\test-scripts\tests\2018-06-19_10-26-36
.011349
10:26:36 INFO: Preparing...
10:26:39 WARNING: Thread group detection: plugin for ConcurrentThreadGroup not found, regular Thread
Group will be used
10:26:39 WARNING: Failed to detect plugins for C:\Users\dinanathbasumatary\git\test-scripts\scripts\
jmeter-cis-scripts\test-AppointmenAvailability.jmx: [WinError 2] The system cannot f
ind the file specified
10:26:39 WARNING: Module 'console' can be only used once, will merge all new instances into single
10:26:40 ERROR: SSLError: HTTPSConnectionPool(host='a.blazemeter.com', port=443): Max retries exceed
ed with url: /api/v4/web/version (Caused by SSLError(SSLError(336265225, '[SSL] PEM lib (_ssl.c:3414
)'),))
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\bzt\cli.py", line 249, in perform
    self.engine.prepare()
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\bzt\engine.py", line 173, in prepa
re
    self.__prepare_reporters()
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\bzt\engine.py", line 539, in __pre
pare_reporters
    module.prepare()
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\bzt\modules\blazemeter.py", line 2
54, in prepare
    self._user.ping()  # to check connectivity and auth
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\bzt\bza.py", line 153, in ping
    self._request(self.address + '/api/v4/web/version')
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\bzt\bza.py", line 91, in _request
    cert=self.ssl_cert)
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\requests\sessions.py", line 512, i
n request
    resp = self.send(prep, **send_kwargs)
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\requests\sessions.py", line 622, i
n send
    r = adapter.send(request, **kwargs)
  File "c:\users\dinanathbasumatary\git\taurus2\lib\site-packages\requests\adapters.py", line 511, i
n send
    raise SSLError(e, request=request)

Let me know if you need detailed log.

cheers,

Dina.

[Jar Rod]

There is a hack for this:

in "site-packages\bzt\bza.py" update the following:

Original: response = self.http_request(method=log_method, url=url, data=data, headers=headers, timeout=self.timeout)

Updated: response = self.http_request(method=log_method, url=url, data=data, headers=headers, timeout=self.timeout, verify=False)

You will see some ugly warnings in your console, but atleast you can get the report.

On Wednesday, May 30, 2018 at 4:09:02 PM UTC+10, Dina wrote:

[Andrey Pokhilko]

Hi,

In the next version of Taurus, we will have special option under proxy settings to disable SSL validation.

--

Andrey Pokhilko
Open Source Initiatives Leader

03.07.2018 09:12, Jar Rod пишет:

CAUTION: This email originated from outside of CA. Do not click links or open attachments unless you recognize the sender and know the content is safe.

--

You received this message because you are subscribed to the Google Groups "codename-taurus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to codename-taur...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/codename-taurus/dda58724-0d42-461a-889f-2817f9efda21%40googlegroups.com.

[rama...@gmail.com]

I still face the same issue. Could you please help?

[Andrey Pokhilko]

Hi,

The most recent version 1.12.1 has introduced some features for this. See doc here: http://gettaurus.org/docs/ConfigSyntax/#Top-Level-Settings

Looks like you need to set "ssl-cert: false".

--

Andrey Pokhilko
Open Source Initiatives Leader

12.07.2018 19:07, rama...@gmail.com пишет:

CAUTION: This email originated from outside of CA. Do not click links or open attachments unless you recognize the sender and know the content is safe.

--

You received this message because you are subscribed to the Google Groups "codename-taurus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to codename-taur...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/codename-taurus/2aa9e853-fa6e-4bb2-9f70-1a069d9a6de8%40googlegroups.com.