如何使用 Gatling 和 SSL 两种方式禁用 SSL 主机名验证
How to disable SSL hostname verification with Gatling and SSL two way
我正在尝试使用两种方式使用 SSL 创建 Gatling 测试,但我无法禁用主机名验证。我正在使用 Gatling 2.3。这是我的 Gatling 配置:
ssl {
keyStore {
type = "JKS"
file = "keystore.jks"
password = "changeit"
#algorithm = ""
}
trustStore {
type = "JKS"
file = "truststore.jks"
password = "changeit"
#algorithm = ""
}
}
ahc {
acceptAnyCertificate = true
....
}
我也在我的应用程序的开头添加了这个系统属性
System.setProperty("jdk.tls.allowUnsafeServerCertChange", "true")
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")
我可以看到我的密钥库和 trutstore 使用正确,但我一直遇到这个问题:
java.security.cert.CertificateException: No subject alternative DNS name matching <my_dns> found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1493)
... 28 common frames omitted
来自 Gatling SSL documentation you could try disabling SNI (-Djsse.enableSNIExtension=false). However, if you really need SNI (SSL virtual hosting) you don't want to do that, and you need to code your own HostNameVerifier 虽然我不知道如何将其包含在 Gatling 中。
如果有人还在寻找解决方案:此功能已在 Gatling 的 v3.0 中实现。
相关配置参数为:
ahc {
enableSni = true # When set to true, enable Server Name indication (SNI)
enableHostnameVerification = false # When set to true, enable hostname verification: SSLEngine.setHttpsEndpointIdentificationAlgorithm("HTTPS")
}
我正在尝试使用两种方式使用 SSL 创建 Gatling 测试,但我无法禁用主机名验证。我正在使用 Gatling 2.3。这是我的 Gatling 配置:
ssl {
keyStore {
type = "JKS"
file = "keystore.jks"
password = "changeit"
#algorithm = ""
}
trustStore {
type = "JKS"
file = "truststore.jks"
password = "changeit"
#algorithm = ""
}
}
ahc {
acceptAnyCertificate = true
....
}
我也在我的应用程序的开头添加了这个系统属性
System.setProperty("jdk.tls.allowUnsafeServerCertChange", "true")
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")
我可以看到我的密钥库和 trutstore 使用正确,但我一直遇到这个问题:
java.security.cert.CertificateException: No subject alternative DNS name matching <my_dns> found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1493)
... 28 common frames omitted
来自 Gatling SSL documentation you could try disabling SNI (-Djsse.enableSNIExtension=false). However, if you really need SNI (SSL virtual hosting) you don't want to do that, and you need to code your own HostNameVerifier 虽然我不知道如何将其包含在 Gatling 中。
如果有人还在寻找解决方案:此功能已在 Gatling 的 v3.0 中实现。
相关配置参数为:
ahc {
enableSni = true # When set to true, enable Server Name indication (SNI)
enableHostnameVerification = false # When set to true, enable hostname verification: SSLEngine.setHttpsEndpointIdentificationAlgorithm("HTTPS")
}