jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Milamber <>
Subject Re: SSL Proxy recording - testing help needed
Date Wed, 11 Sep 2013 17:59:46 GMT

I've made some test on my system (Linux Debian + GNOME (with 
network-manager to manage proxy settings) + Oracle Java 7)
(and some tests with java 6 (without dynamic keys)

Test page:

* Firefox (Iceweasel) : OK
SSL warning is display, after accept, https elements are recording.

(but: 2 or 3 samples with Received fatal alert: bad_certificate
in view Results Tree (under Proxy recorder)

* Chrome (proxy settings with network manager) : OK
SSL warning is display, after accept, https elements are recording.

* Epiphany (Web browser include with GNOME) : OK
Without warning message, all HTTPS urls are loaded (with the temporary 
certs) (, twitter, google elements)


In the special case when it's a java 6 runtime env and the HTTPS domains 
field is disabled, we should perhaps add some tool tip text in 
label/field to help the user to understand why the field is disable. (I 
will make this)


Le 10/09/2013 01:52, sebb a ecrit :
> Testing help still needed!
> On 6 September 2013 23:09, sebb <> wrote:
>> The Proxy server can now record embedded resources when used on Java 7.
>> It creates a CA and keystore as needed.
>> More work is needed:
>> - creating certs is fairly slow, so it would help if these were set up
>> before the test started.
> This is now done in ProxyControl when the start button is pressed.
>> - the CA cert is not created until the first SSL request is received,
>> so the first browser request will fail. The certificate can then be
>> loaded and the recording restarted. This needs to be fixed
> This has been fixed as above; pressing Start creates the CA if necessary.
> The CA cert can now be installed before starting the recording.
>> - documentation
> That still needs to be done, but it would help to know whether the
> code works for others, not just on my system.
>> Initialising the keystore
>> ---------------------------------
>> Ideally the CA cert needs to be created before the test starts, so it
>> can be loaded into the browser. However not all recordings use SSL, so
>> it seems wasteful to create the keystore if it won't then be used.
>> Also, creating additional host entries is quite slow, so it would be
>> useful to be able to specify these in advance.
>> One possible approach would be to add a new field to the GUI (Global
>> Settings has room) where the user could list the hosts/domains they
>> intend to test. [This would also signal that SSL proxying is required]
>> When the Proxy is started, it could then create the keys if necessary.
>> This would also create the certificate ready for the browser to load.
> That has been implemented.
> Note that Start can now take a minute or two the first time it is used.
>> Domains would be indicated by a leading "*." - e.g. *
>> It would be easy to match a host against a domain.
>> This would get round the issue that converting from host to domain is
>> tricky to do programmatically (there are lots of special cases).
>> Whereas the user presumably has a pretty good idea what domains they
>> are testing.
> That has been implemented.
>> I hope to make a start on improving the code in a day or two; in the
>> meantime if there are any issues/suggestions please raise them here.
> Feedback needed on the latest version.
> Does it work OK for you?
> What does not work well?
> Are there any blockers (apart from docs) that mean it could not be
> used for the next release of JMeter?

View raw message