Bypass ssl hostname verification

Hello,

On 2.2.3, my https scripts are raising a ‘j.n.ConnectException: General SSLEngine problem’ (the same scripts are working fine in 2.2.2, though).

It looks like it is related to the hostname verification, since I’ve got the following message in the log:
“java.security.cert.CertificateException: No subject alternative DNS name matching foo.bar.com found.”

The acceptAnyCertificate option is activated in gatling.conf

Is there another option to activate now?

Regards,

Sebboh.

We’ll probably rename “acceptAnyCertificate”. It’s intended for supporting self-signed certificates, not accepting broken certificate deployments where the server uses a certificate that doesn’t match the hostname.
As I get it (can’t check without accessing the website), you fall in the latter case.

OK, but what’s weird is that it works fine in 2.2.2.
Anyway, if acceptAnyCertificate is not designed to allow an unmatching certificate hostname, is there any other way to skip the hostname verification step?

Sebboh.

What are you doing exactly? Are you copying your prod certificate on your test platform?!

Actually, the CN of the certificates used by our http servers refers to the load balancer’s DNS, which is in front of our apache servers (on which we are injecting). The thing is, in our test platform the DNS of the server hosting the load balancer does not correspond to the certificate hostname. That’s why we need to be able to skip the hostname verification part.

We’ll introduce in the next major release an option to disable HTTPS algorithm on the SSLEngine.
In the meantime, you can deploy self signed certificates with proper CN.
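
The workaround suggested in the last reply, sketched as an added example (not code from the thread or from the Gatling project): generate a self-signed test certificate whose CN and subjectAltName both carry the name the injector connects to, then confirm the name check passes before deploying it. It assumes OpenSSL 1.1.1 or later; `make_test_cert`, `cert_matches_host` and `lb.prod.example` are hypothetical names, and `foo.bar.com` is the host from the log message above.

```shell
#!/bin/sh
# Added example. Function names and lb.prod.example are constructed;
# foo.bar.com is the hostname quoted in the thread's log message.

# make_test_cert HOST OUTDIR
# Writes OUTDIR/HOST.key and OUTDIR/HOST.crt: a 30-day self-signed
# certificate naming HOST in both the CN and the subjectAltName extension.
# Java's "HTTPS" endpoint identification checks the SAN DNS entries first,
# which is why the log complains about "subject alternative DNS name".
make_test_cert() {
    host=$1
    dir=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
}

# cert_matches_host CERT HOST
# Succeeds only when CERT is valid for HOST. openssl prints
# "does match certificate" or "does NOT match certificate".
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# Demo: the certificate is issued for the name the load injector uses,
# so it matches that name and nothing else.
workdir=$(mktemp -d)
target_host="foo.bar.com"        # name the test client connects to
other_host="lb.prod.example"     # constructed: a name the cert does not carry

make_test_cert "$target_host" "$workdir"
for h in "$target_host" "$other_host"; do
    if cert_matches_host "$workdir/$target_host.crt" "$h"; then
        echo "$h: matches, hostname verification would pass"
    else
        echo "$h: no match, hostname verification would fail"
    fi
done
rm -rf "$workdir"
```

With acceptAnyCertificate enabled, which the reply above describes as intended for self-signed certificates, the remaining check is the name match that this certificate satisfies.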