Bug 55507 - Proxy SSL recording does not handle external embedded resources well
Proxy SSL recording does not handle external embedded resources well
Status: RESOLVED FIXED
Product: JMeter
Classification: Unclassified
Component: HTTP
2.9
All All
: P2 enhancement (vote)
: ---
Assigned To: JMeter issues mailing list
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2013-08-29 21:42 UTC by Sebb
Modified: 2013-11-23 14:36 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebb 2013-08-29 21:42:23 UTC
When recording SSL via the proxy, the browser prompts the user to accept the certificate for any pages directly requested by the user. From then on any requests to the same host will proceed without intervention.

However many web pages include embedded resources that are on different hosts - for example images are often served by different hosts.

Browsers don't generally prompt the user when downloading such resources; the resource is silently ignored by the browser.

It would be good if a workround could be found for this.

For example, perhaps generate a page of links that the user could click in order to add the certificate exemptions.
Comment 1 Sebb 2013-09-03 02:02:34 UTC
It looks like there is a better solution:

Create a self-signed CA cert.

For each CONNECT seen by the JMeter Proxy, create a SSL certificate for the appropriate domain which is signed by the CA cert. A browser that trusts the CA cert will then accept the SSL certificates with no further intervention.

The proxy only needs to create certs for each domain - e.g. *.apache.org will work for jmeter.apache.org and www.apache.org. These can be stored in the same JKS file.

There is a description of the process here:
http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html
"Generating Certificates for a Typical SSL Server"

Unfortunately this requires Java 7, but given that this would only be needed for HTTPS recording, it seems worth adding (with fallback to the current system if Java 7 is not available). The generated test plan would still be usable on Java 6, so at worst it might be necessary to do the recording on a separate host which has Java 7.
Comment 2 Sebb 2013-09-04 00:54:23 UTC
URL: http://svn.apache.org/r1519890
Log:
Proxy SSL recording does not handle external embedded resources well
Part 1: Add methods to create the necessary certificate and keystore
Bugzilla Id: 55507

Modified:
    jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java

Still need to integrate the code into the Proxy server.
Comment 3 Sebb 2013-09-06 00:31:29 UTC
URL: http://svn.apache.org/r1520459
Log:
Proxy SSL recording does not handle external embedded resources well
Add method to create a host certificate (no wildcard)
Bugzilla Id: 55507

Modified:
    jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
Comment 4 Sebb 2013-09-06 21:41:46 UTC
Making progress:

URL: http://svn.apache.org/r1520704
Log:
Proxy SSL recording does not handle external embedded resources well
Add generation of keystores and aliases
Bugzilla Id: 55507

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
Comment 5 Sebb 2013-09-10 00:08:54 UTC
URL: http://svn.apache.org/r1521320
Log:
Proxy SSL recording does not handle external embedded resources well
Reworked; setup is now done by ProxyControl on pressing Start
TODO: better notification of progress of keystore init
Bugzilla Id: 55507

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/ProxyControl.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/gui/ProxyControlGui.java
Comment 6 Sebb 2013-09-10 14:15:38 UTC
URL: http://svn.apache.org/r1521493
Log:
Proxy SSL recording does not handle external embedded resources well
Opera needs Root CA and a certificate chain
Add export of certificate with .usr extension (Opera)
Bugzilla Id: 55507

Modified:
    jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/ProxyControl.java
Comment 7 Milamber 2013-09-11 18:15:38 UTC
URL: http://svn.apache.org/r1521970
Log:
Proxy SSL recording does not handle external embedded resources well
Add text tool tip on HTTPS Domains field to indicate the Java 7 runtime requirement to use this behavior
and some help text on the usage and comma separator when the field is enabled.
Bugzilla Id: 55507

Modified:
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/gui/ProxyControlGui.java
Comment 8 Sebb 2013-09-21 13:37:41 UTC
URL: http://svn.apache.org/r1525234
Log:
Proxy SSL recording does not handle external embedded resources well
Clarify certificate names
Display details of local certificate that user can check against
Bugzilla Id: 55507

Modified:
    jmeter/trunk/src/jorphan/org/apache/jorphan/exec/KeyToolUtils.java
    jmeter/trunk/src/jorphan/org/apache/jorphan/util/JOrphanUtils.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/ProxyControl.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/gui/ProxyControlGui.java
Comment 9 Sebb 2013-10-05 12:04:45 UTC
URL: http://svn.apache.org/r1529439
Log:
Proxy SSL recording does not handle external embedded resources well
Update documentation
Bugzilla Id: 55507

Modified:
    jmeter/trunk/docs/images/screenshots/proxy_control.png
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/images/screenshots/proxy_control.png
    jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 10 Philippe Mouawad 2013-11-23 14:36:23 UTC
Closing as this one is fixed