[英]How to disable SSL hostname verification with Gatling and SSL two way
我正在嘗試通過兩種方式創建使用SSL的加特林測試,但無法禁用主機名驗證。 我正在使用Gatling 2.3。 這是我的加特林配置:
ssl {
keyStore {
type = "JKS"
file = "keystore.jks"
password = "changeit"
#algorithm = ""
}
trustStore {
type = "JKS"
file = "truststore.jks"
password = "changeit"
#algorithm = ""
}
}
ahc {
acceptAnyCertificate = true
....
}
我還在應用程序的開頭添加了此系統屬性
System.setProperty("jdk.tls.allowUnsafeServerCertChange", "true")
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")
我可以看到我的密鑰庫和trutstore已正確使用,但是我仍然遇到這個問題:
java.security.cert.CertificateException: No subject alternative DNS name matching <my_dns> found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1493)
... 28 common frames omitted
從Gatling SSL文檔中,您可以嘗試禁用SNI( -Djsse.enableSNIExtension=false
)。 但是,如果您確實需要SNI(SSL虛擬主機),則不需要這樣做,並且您需要編寫自己的HostNameVerifier編碼,盡管我不知道如何將其包含在Gatling中。
如果有人仍在尋找解決方案:此功能已在Gatling v3.0中實現。
相關配置參數為:
ahc {
enableSni = true # When set to true, enable Server Name indication (SNI)
enableHostnameVerification = false # When set to true, enable hostname verification: SSLEngine.setHttpsEndpointIdentificationAlgorithm("HTTPS")
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.