Problems with SSL in Gatling Recorder
2,483 views
Skip to first unread message
Hank
Sep 24, 2013, 1:44:13 PM9/24/13
to gat...@googlegroups.com
Hi, I'm having problems with SSL in Gatling Recorder. I'm using Firefox in Mac OS X (because it allows me to use custom proxy settings). When I attempt to navigate to a secured site, I get a "This Connection is Untrusted" warning. Viewing the technical details gives the following message:
(Error code: sec_error_ca_cert_invalid)
When I attempt to add an exception, I receive a "No Information Available" message, and there's no way for me to confirm the security exception or import the gatling certificate. The following exception appears in my terminal window.
I'm using gatling-charts-highcharts-2.0.0-M3a-bundle. I've tried using the Mac OS X system proxy with both Google Chrome and Firefox and I'm getting the same behavior there. Any suggestions for getting this to work?
www.github.com uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for Gatling
When I attempt to add an exception, I receive a "No Information Available" message, and there's no way for me to confirm the security exception or import the gatling certificate. The following exception appears in my terminal window.
10:39:20.765 [WARN ] i.g.r.h.h.BrowserHttpsRequestHandler - Trying to connect to https://www.github.com:443, make sure you've accepted the recorder certificate for this site
10:39:20.783 [ERROR] i.g.r.h.h.BrowserHttpsRequestHandler - Exception caught
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884) ~[na:1.7.0_21]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) ~[na:1.7.0_21]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_21]
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1225) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:913) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) ~[netty-3.6.6.Final.jar:na]
at io.gatling.recorder.http.ssl.FirstEventIsUnsecuredConnectSslHandler.handleUpstream(FirstEventIsUnsecuredConnectSslHandler.scala:31) ~[gatling-recorder-2.0.0-M3a.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90) ~[netty-3.6.6.Final.jar:na]
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) ~[netty-3.6.6.Final.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_21]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_21]
at java.lang.Thread.run(Thread.java:722) [na:1.7.0_21]
I'm using gatling-charts-highcharts-2.0.0-M3a-bundle. I've tried using the Mac OS X system proxy with both Google Chrome and Firefox and I'm getting the same behavior there. Any suggestions for getting this to work?
Thanks,
Hank
Stéphane Landelle
Sep 24, 2013, 2:54:53 PM9/24/13
to gat...@googlegroups.com
Hi,
You probably have to remove github's certificate from Firefox's keystore, as explained here: https://github.com/excilys/gatling/wiki/Recorder#wiki-https
Cheers,
Stéphane
--
You received this message because you are subscribed to the Google Groups "Gatling User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Hank
Sep 24, 2013, 4:23:50 PM9/24/13
to gat...@googlegroups.com
There doesn't seem to be a certificate for github in the Firefox keystore - there's a root certificate authority for DigiCert High Assurance EV CA-1, which is the authority that issues the Github certificate, but even deleting/distrusting that authority doesn't change the certificate behavior in Firefox - I go to add an exception and it gives me the "No information available" error.
Is there perhaps a place where I can get the Gatling cert file so I can try manually adding it to my trusted certificates list?
Thanks,
Is there perhaps a place where I can get the Gatling cert file so I can try manually adding it to my trusted certificates list?
Thanks,
Hank
Stéphane Landelle
Sep 24, 2013, 5:00:05 PM9/24/13
to gat...@googlegroups.com
Damn, this was possible a few weeks ago, Firefox probably changed that.
Until someone finds a solution, the only way I see is the HAR support: https://github.com/excilys/gatling/wiki/Gatling-2#wiki-recorder
Stéphane Landelle
Sep 26, 2013, 8:39:01 AM9/26/13
to gat...@googlegroups.com
I have no problems with other sites such as https://www.secure.bnpparibas.net.
I won't have the cycles to investigate this any time out. If you find out the reason why it doesn't work for github, please let us know.
Regards,
Stéphane
Reply all
Reply to author
Forward
0 new messages