Bypass SSL Certificate validation?

John Arrowwood

Jul 24, 2015, 5:57:44 PM
to Gatling User Group
I am trying to isolate a performance problem in our application.  I'm cutting bits of the architecture out piece by piece until the bizarre performance characteristics go away.

The challenge is the SSL certificates.  I need to make it ignore any certificate issues and just work.  Is there a gatling configuration or a java -D flag I can set that will do that?  The equivalent of "curl -k"

The application has an F5 load balancer sitting in front of a security validation layer, that sits in front of another F5 load balancer, that sits in front of the application servers (that sit in front of a mongo database).  I'm trying to cut out the first two pieces and go to the second load balancer. 

If it helps, this is what I get:

java.security.cert.CertificateException: No name matching rtde-pvs.sys.cigna.com found
    at sun.security.util.HostnameChecker.matchDNS(Unknown Source) ~[na:1.8.0_45]
    at sun.security.util.HostnameChecker.match(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_45]
    ... 27 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_45]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_45]
    at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1392) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1255) ~[netty-3.10.3.Final.jar:na]
    ... 18 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_45]
    at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_45]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.10.3.Final.jar:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_45]
    at java.lang.Thread.run(Unknown Source) [na:1.8.0_45]
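
The trace above fails in HostnameChecker.matchDNS, the step that compares the requested host name with the names listed in the server certificate; a fully trusted chain still fails it when none of those names match. The sketch below is an added illustration, not part of the original post and not the JDK's implementation: a simplified RFC 6125-style matcher in which the function names and the certificate names are constructed, and only the requested host name comes from the trace.

```python
import ipaddress

def dns_name_matches(pattern, host):
    """Compare one dNSName entry with the requested host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:]:
        return False                      # a wildcard covers exactly one label
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com" and empty host labels.
        return len(p) >= 3 and h[0] != ""
    # Partial-label wildcards ("f*.example") are rejected in this sketch.
    return "*" not in p[0] and p[0] == h[0]

def check_identity(host, san_dns, san_ip=()):
    """Return "ok", or the reason the certificate does not identify `host`."""
    try:
        wanted = ipaddress.ip_address(host)
    except ValueError:
        wanted = None                     # not an IP literal: compare DNS names
    if wanted is not None:
        if any(ipaddress.ip_address(ip) == wanted for ip in san_ip):
            return "ok"
        return f"no iPAddress entry equals {host}"
    if any(dns_name_matches(name, host) for name in san_dns):
        return "ok"
    return f"No name matching {host} found"

# Constructed sample: names an inner load balancer's certificate might list.
INNER_LB_SANS = ["lb2.internal.example", "*.apps.internal.example"]
REQUESTED = "rtde-pvs.sys.cigna.com"      # host name taken from the trace above

if __name__ == "__main__":
    for host in (REQUESTED, "api.apps.internal.example",
                 "a.b.apps.internal.example", "10.0.0.5"):
        print(f"{host:32} -> {check_identity(host, INNER_LB_SANS)}")
```
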

John Arrowwood

Jul 24, 2015, 6:12:43 PM
to Gatling User Group, jarr...@gmail.com
My bad.  I had overridden http.ahc.acceptAnyCertificate in my gatling.conf.  I have NO IDEA why.  I changed it back to true, and things appear to be working fine.  :)

Stéphane LANDELLE

Jul 25, 2015, 4:10:00 AM
to gat...@googlegroups.com, John Arrowwood
You had it set to false because unsafe renegotiation wouldn't work for you until this commit: https://github.com/gatling/gatling/commit/637696e8fa9bde4f3e17b796fc91993dc87a62d6

Stéphane Landelle
Lead developer

John Arrowwood

Jul 27, 2015, 1:50:23 PM
to Gatling User Group, slan...@gatling.io
That's right.  Thanks!