Bypass SSL Certificate validation?

I am trying to isolate a performance problem in our application. I’m cutting bits of the architecture out piece by piece until the bizarre performance characteristics go away.

The challenge is the SSL certificates. I need to make it ignore any certificate issues and just work. Is there a Gatling configuration or a java -D flag I can set that will do that? The equivalent of “curl -k”.

The application has an F5 load balancer sitting in front of a security validation layer, that sits in front of another F5 load balancer, that sits in front of the application servers (that sit in front of a mongo database). I’m trying to cut out the first two pieces and go to the second load balancer.

If it helps, this is what I get:

java.security.cert.CertificateException: No name matching rtde-pvs.sys.cigna.com found
    at sun.security.util.HostnameChecker.matchDNS(Unknown Source) ~[na:1.8.0_45]
    at sun.security.util.HostnameChecker.match(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_45]
    … 27 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_45]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_45]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_45]
    at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1392) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1255) ~[netty-3.10.3.Final.jar:na]
    … 18 common frames omitted
Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_45]
    at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_45]
    at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_45]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.10.3.Final.jar:na]
    at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.10.3.Final.jar:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_45]
    at java.lang.Thread.run(Unknown Source) [na:1.8.0_45]

My bad. I had overridden http.ahc.acceptAnyCertificate in my gatling.conf. I have NO IDEA why. I changed it back to true, and things appear to be working fine. :)

You had it set to false because unsafe renegotiation wouldn’t work for you until this commit: https://github.com/gatling/gatling/commit/637696e8fa9bde4f3e17b796fc91993dc87a62d6

That’s right. Thanks!
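
The `No name matching ... found` error in the trace above is a hostname check failure: the name the client connected to does not appear among the names in the server certificate. The sketch below is an added example, not part of the original thread and not Gatling or JDK code; it is a simplified version of that comparison (exact names and a single left-most wildcard label only), and all hostnames and certificate names in it are constructed.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

/** Simplified hostname check against a certificate's DNS names (illustrative only). */
public class HostnameMatchDemo {

    /** True if one certificate name, optionally starting with "*.", covers the host. */
    static boolean matches(String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (!c.startsWith("*.")) {
            return h.equals(c);
        }
        // A wildcard stands for exactly one left-most label, never for several.
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(c.substring(1));
    }

    /** True if any name on the certificate covers the host the client dialled. */
    static boolean anyMatch(String host, List<String> certNames) {
        return certNames.stream().anyMatch(n -> matches(host, n));
    }

    public static void main(String[] args) {
        // Constructed name list for a certificate issued for the public entry point.
        List<String> certNames = Arrays.asList("app.example.test", "*.edge.example.test");
        // Constructed hostnames a load test might be pointed at.
        String[] hosts = {
            "app.example.test",          // exact name on the certificate
            "lb2.edge.example.test",     // covered by the wildcard
            "a.lb2.edge.example.test",   // two labels under the wildcard: not covered
            "lb2.internal.example.test"  // inner load balancer reached by its own name
        };
        for (String host : hosts) {
            String verdict = anyMatch(host, certNames)
                ? "match"
                : "No name matching " + host + " found";
            System.out.printf("%-28s %s%n", host, verdict);
        }
    }
}
```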