我正在尝试查询具有自签名证书的服务器上的HTTPS REST API。
我设置了一个HTTP请求并将其指向我的API。但是当我运行它时,我得到一个错误:
javax.net.ssl.SSLHandshakeException: Failed to parse server certificates
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:91)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:404)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:935)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:646)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:66)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1296)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1285)
at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:638)
at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:558)
at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:489)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:256)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: Empty issuer DN not allowed in X509Certificates
at sun.security.x509.X509CertInfo.parse(Unknown Source)
at sun.security.x509.X509CertInfo.<init>(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.<init>(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
... 34 more
字符串
如何禁用SSL证书解析和验证?
This question和this question都说JMeter不验证SSL证书。如果这是真的,那么我的服务器的X509证书显然是无效的这一事实就不会是一个问题。这些问题都是很老的问题了,所以可能不再是默认不验证的情况了
我尝试将此属性添加到我的jmeter.properties文件中,但没有任何区别:server.rmi.ssl.disable=true
。这是在上面的一个类似问题中提出的(尽管我不确定为什么在RMI中禁用SSL与HTTP有任何关系。)
如何让JMeter完全忽略我的https API请求的无效自签名证书?
最新的JMeter(5.4.1)和Java 8u311。
2条答案
按热度按时间k97glaaz1#
根据质量标准:
颁发者字段标识已签署和颁发证书的实体。颁发者字段必须包含非空的可分辨名称(DN)
在RFC术语中,MUST实际上是
MUST
必须这个词,或术语“必需”或“应”,意味着该定义是规范的绝对要求。
实际JMeter文档指出:
JMeter HTTP采样器被配置为接受所有证书,无论是否受信任,无论有效期如何等。这是为了在测试服务器时提供最大的灵活性。
所以我建议联系开发人员或系统管理员,请他们修复证书
如果由于某种原因不可能,您可以尝试在HTTP请求采样器中使用HTTP协议而不是HTTPS(或者更好的HTTP Request Defaults)
的数据
如果你的应用程序没有公开HTTP端点,你唯一能做的就是修补你的Java运行时并recompile它。
3okqufwl2#
尝试禁用防病毒..有时这是解决方案。