Author: sebb
Date: Wed Aug 5 23:58:28 2009
New Revision: 801473
URL: http://svn.apache.org/viewvc?rev=801473&view=rev
Log:
Bug 47622 - enable recording of HTTPS sessions
Many thanks to Milamber.
Added:
jakarta/jmeter/trunk/extras/proxycert.cmd (with props)
jakarta/jmeter/trunk/extras/proxycert.sh (with props)
Modified:
jakarta/jmeter/trunk/bin/jmeter.properties
jakarta/jmeter/trunk/build.xml
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/HttpRequestHdr.java
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/util/HTTPConstantsInterface.java
jakarta/jmeter/trunk/xdocs/changes.xml
jakarta/jmeter/trunk/xdocs/usermanual/best-practices.xml
jakarta/jmeter/trunk/xdocs/usermanual/component_reference.xml
jakarta/jmeter/trunk/xdocs/usermanual/get-started.xml
Modified: jakarta/jmeter/trunk/bin/jmeter.properties
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/bin/jmeter.properties?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
--- jakarta/jmeter/trunk/bin/jmeter.properties (original)
+++ jakarta/jmeter/trunk/bin/jmeter.properties Wed Aug 5 23:58:28 2009
@@ -419,6 +419,15 @@
# use command-line flags for user-name and password
#http.proxyDomain=NTLM domain, if required by HTTPClient sampler
+# SSL configuration
+#proxy.cert.directory=.
+#proxy.cert.file=proxyserver.jks
+#proxy.cert.type=JKS
+#proxy.cert.keystorepass=password
+#proxy.cert.keypassword=password
+#proxy.cert.factory=SunX509
+#proxy.ssl.protocol=SSLv3
+
#---------------------------------------------------------------------------
# HTTPSampleResponse Parser configuration
#---------------------------------------------------------------------------
Modified: jakarta/jmeter/trunk/build.xml
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/build.xml?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
--- jakarta/jmeter/trunk/build.xml (original)
+++ jakarta/jmeter/trunk/build.xml Wed Aug 5 23:58:28 2009
@@ -995,6 +995,8 @@
<include name="${dest.jar.jmeter}/mirror-server.*"/>
<include name="${dest.jar.jmeter}/shutdown.*"/>
<include name="${dest.jar.jmeter}/stoptest.*"/>
+ <!-- Fake SSL cert for JMeter proxy recorder in https -->
+ <include name="${dest.jar.jmeter}/proxyserver.jks"/>
<!-- Exclude any files that might be present from testing the release -->
<exclude name="${dest.jar.jmeter}/*.log"/>
<include name="${dest.jar}/"/>
Added: jakarta/jmeter/trunk/extras/proxycert.cmd
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/extras/proxycert.cmd?rev=801473&view=auto
==============================================================================
--- jakarta/jmeter/trunk/extras/proxycert.cmd (added)
+++ jakarta/jmeter/trunk/extras/proxycert.cmd Wed Aug 5 23:58:28 2009
@@ -0,0 +1,27 @@
+...@echo off
+
+
+rem Licensed to the Apache Software Foundation (ASF) under one or more
+rem contributor license agreements. See the NOTICE file distributed with
+rem this work for additional information regarding copyright ownership.
+rem The ASF licenses this file to You under the Apache License, Version 2.0
+rem (the "License"); you may not use this file except in compliance with
+rem the License. You may obtain a copy of the License at
+rem
+rem http://www.apache.org/licenses/LICENSE-2.0
+rem
+rem Unless required by applicable law or agreed to in writing, software
+rem distributed under the License is distributed on an "AS IS" BASIS,
+rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+rem See the License for the specific language governing permissions and
+rem limitations under the License.
+
+rem Generate proxyserver certificate for JMeter
+
+set DNAME="cn=JMeter Proxy, ou=JMeter, o=Apache Software Foundation, c=US"
+
+rem generate the keystore with the certificate
+keytool -genkey -alias jmeter -keystore proxyserver.jks -keypass password
-storepass password -validity 1825 -keyalg RSA -dname %DNAME%
+
+rem show the contents
+keytool -list -v -keystore proxyserver.jks -storepass password
Propchange: jakarta/jmeter/trunk/extras/proxycert.cmd
------------------------------------------------------------------------------
svn:eol-style = CRLF
Added: jakarta/jmeter/trunk/extras/proxycert.sh
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/extras/proxycert.sh?rev=801473&view=auto
==============================================================================
--- jakarta/jmeter/trunk/extras/proxycert.sh (added)
+++ jakarta/jmeter/trunk/extras/proxycert.sh Wed Aug 5 23:58:28 2009
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+
+
+## Generate proxyserver certificate for JMeter
+
+DNAME="cn=JMeter Proxy, ou=JMeter, o=Apache Software Foundation, c=US"
+
+## generate the keystore with the certificate
+keytool -genkey -alias jmeter -keystore proxyserver.jks -keypass password
-storepass password -validity 1825 -keyalg RSA -dname ${DNAME}
+
+## show the contents
+keytool -list -v -keystore proxyserver.jks -storepass password
Propchange: jakarta/jmeter/trunk/extras/proxycert.sh
------------------------------------------------------------------------------
svn:eol-style = LF
Modified:
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/HttpRequestHdr.java
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/HttpRequestHdr.java?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
---
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/HttpRequestHdr.java
(original)
+++
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/HttpRequestHdr.java
Wed Aug 5 23:58:28 2009
@@ -92,9 +92,12 @@
}
/**
- * Http Request method. Such as get or post.
+ * Http Request method, uppercased, e.g. GET or POST.
*/
private String method = ""; // $NON-NLS-1$
+
+ /** CONNECT url. */
+ private String paramHttps = ""; // $NON-NLS-1$
/**
* The requested url. The universal resource locator that hopefully
uniquely
@@ -192,15 +195,9 @@
if (log.isDebugEnabled()) {
log.debug("browser request: " + firstLine);
}
- if (!CharUtils.isAsciiAlphanumeric(firstLine.charAt(0))) {
- throw new IllegalArgumentException("Unrecognised header line
(probably used HTTPS)");
- }
StringTokenizer tz = new StringTokenizer(firstLine);
method = getToken(tz).toUpperCase(java.util.Locale.ENGLISH);
url = getToken(tz);
- if
(url.toLowerCase(java.util.Locale.ENGLISH).startsWith(HTTPConstants.PROTOCOL_HTTPS))
{
- throw new IllegalArgumentException("Cannot handle https URLS: " +
url);
- }
version = getToken(tz);
if (log.isDebugEnabled()) {
log.debug("parser input: " + firstLine);
@@ -208,9 +205,14 @@
log.debug("parsed url: " + url);
log.debug("parsed version:" + version);
}
- if ("CONNECT".equalsIgnoreCase(method)){
- throw new IllegalArgumentException("Cannot handle CONNECT -
probably used HTTPS");
+ // SSL connection
+ if (getMethod().startsWith(HTTPConstants.CONNECT)) {
+ paramHttps = url;
+ }
+ if (url.startsWith("/")) {
+ url = HTTPS + "://" + paramHttps + url; // $NON-NLS-1$
}
+ log.debug("First Line: " + url);
}
/*
@@ -401,7 +403,7 @@
if (log.isDebugEnabled()) {
log.debug("Proxy: setting path: " + sampler.getPath());
}
- if (numberRequests) {
+ if (!HTTPConstants.CONNECT.equals(getMethod()) && numberRequests) {
requestNumber++;
sampler.setName(requestNumber + " " + sampler.getPath());
} else {
@@ -416,7 +418,7 @@
// If it was a HTTP GET request, then all parameters in the URL
// has been handled by the sampler.setPath above, so we just need
// to do parse the rest of the request if it is not a GET request
- if(!HTTPConstants.GET.equals(method)) {
+ if((!HTTPConstants.CONNECT.equals(getMethod())) &&
(!HTTPConstants.GET.equals(method))) {
// Check if it was a multipart http post request
final String contentType = getContentType();
MultipartUrlConfig urlConfig = getMultipartConfig(contentType);
@@ -554,6 +556,15 @@
public String getUrl(){
return url;
}
+
+ /**
+ * Returns the method string extracted from the first line of the client
request.
+ *
+ * @return the method (will always be upper case)
+ */
+ public String getMethod(){
+ return method;
+ }
/**
* Returns the next token in a string.
Modified:
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
---
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
(original)
+++
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
Wed Aug 5 23:58:28 2009
@@ -21,13 +21,30 @@
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
+import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
-import java.net.UnknownHostException;
import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.HashMap;
import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.io.IOUtils;
import org.apache.jmeter.protocol.http.control.HeaderManager;
import org.apache.jmeter.protocol.http.parser.HTMLParseException;
import org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase;
@@ -64,7 +81,36 @@
private static final String PROXY_HEADERS_REMOVE_DEFAULT =
"If-Modified-Since,If-None-Match,Host"; // $NON-NLS-1$
private static final String PROXY_HEADERS_REMOVE_SEPARATOR = ","; //
$NON-NLS-1$
-
+
+ // for ssl connection
+ private static final String KEYSTORE_TYPE =
+ JMeterUtils.getPropDefault("proxy.cert.type", "JKS"); // $NON-NLS-1$
$NON-NLS-2$
+
+ private static final String KEYMANAGERFACTORY =
+ JMeterUtils.getPropDefault("proxy.cert.factory", "SunX509"); //
$NON-NLS-1$ $NON-NLS-2$
+
+ private static final String SSLCONTEXT_PROTOCOL =
+ JMeterUtils.getPropDefault("proxy.ssl.protocol", "SSLv3"); //
$NON-NLS-1$ $NON-NLS-2$
+
+ // HashMap to save ssl connection between Jmeter proxy and browser
+ private static HashMap hashHost = new HashMap();
+
+ // Proxy configuration SSL
+ private static final String CERT_DIRECTORY =
+ JMeterUtils.getPropDefault("proxy.cert.directory", "."); //
$NON-NLS-1$ $NON-NLS-2$
+
+ private static final String CERT_FILE =
+ JMeterUtils.getPropDefault("proxy.cert.file", "proxyserver.jks"); //
$NON-NLS-1$ $NON-NLS-2$
+
+ private static final char[] KEYSTORE_PASSWORD =
+ JMeterUtils.getPropDefault("proxy.cert.keystorepass",
"password").toCharArray(); // $NON-NLS-1$ $NON-NLS-2$
+
+ private static final char[] KEY_PASSWORD =
+
JMeterUtils.getPropDefault("proxy.cert.keypassword","password").toCharArray();
// $NON-NLS-1$ $NON-NLS-2$
+
+ // Use with SSL connection
+ private OutputStream outStreamClient = null;
+
static {
String removeList =
JMeterUtils.getPropDefault(PROXY_HEADERS_REMOVE,PROXY_HEADERS_REMOVE_DEFAULT);
headersToRemove =
JOrphanUtils.split(removeList,PROXY_HEADERS_REMOVE_SEPARATOR);
@@ -161,9 +207,28 @@
SampleResult result = null;
HeaderManager headers = null;
- try {
+ try {
+ // Now, parse only first line
request.parse(new
BufferedInputStream(clientSocket.getInputStream()));
-
+ outStreamClient = clientSocket.getOutputStream();
+
+ if ((request.getMethod().startsWith(HTTPConstants.CONNECT)) &&
(outStreamClient != null)) {
+ log.debug("Method CONNECT => SSL");
+ // write a OK reponse to browser, to engage SSL exchange
+ outStreamClient.write(("HTTP/1.0 200 OK\r\n\r\n").getBytes());
// $NON-NLS-1$
+ outStreamClient.flush();
+ // With ssl request, url is host:port (without https:// or path)
+ String[] param = request.getUrl().split(":"); // $NON-NLS-1$
+ if (param.length == 2) {
+ log.debug("Start to negotiate SSL connection, host: " +
param[0]);
+ clientSocket = startSSL(clientSocket, param[0]);
+ } else {
+ log.warn("In SSL request, unable to find host and port in
CONNECT request");
+ }
+ // Re-parse (now it's the http request over SSL)
+ request.parse(new
BufferedInputStream(clientSocket.getInputStream()));
+ }
+
// Populate the sampler. It is the same sampler as we sent into
// the constructor of the HttpRequestHdr instance above
request.getSampler(pageEncodings, formEncodings);
@@ -225,9 +290,17 @@
"To record https requests, see " +
"<a
href=\"http://jakarta.apache.org/jmeter/usermanual/component_reference.html#HTTP_Proxy_Server\";>HTTP
Proxy Server documentation</a>"));
result = generateErrorResult(result, e); // Generate result (if
nec.) and populate it
+ } catch (IOException ioe) {
+ log.error("Problem with SSL certificate? Ensure browser is set to
accept the JMeter proxy cert: "+ioe.getLocalizedMessage());
+ // won't work:
writeErrorToClient(HttpReplyHdr.formInternalError());
+ if (result == null) {
+ result = new SampleResult();
+ result.setSampleLabel("Sample failed");
+ }
+ result.setResponseMessage(ioe.getMessage()+ "\n**ensure browser is
set to accept the JMeter proxy certificate**");
} catch (Exception e) {
log.error("Exception when processing sample", e);
- writeErrorToClient(HttpReplyHdr.formTimeout());
+ writeErrorToClient(HttpReplyHdr.formInternalError());
result = generateErrorResult(result, e); // Generate result (if
nec.) and populate it
} finally {
if (log.isDebugEnabled()) {
@@ -253,6 +326,111 @@
sampler.threadFinished(); // Needed for HTTPSampler2
}
}
+
+ /**
+ * Get SSL connection from hashmap, creating it if necessary.
+ *
+ * @param host
+ * @return a ssl socket factory
+ * @throws IOException
+ */
+ private SSLSocketFactory getSSLSocketFactory(String host) throws
IOException {
+ synchronized (hashHost) {
+ if (hashHost.containsKey(host)) {
+ log.debug("Good, already in map, host=" + host);
+ return (SSLSocketFactory) hashHost.get(host);
+ }
+ InputStream in = getCertificate();
+ Exception except = null;
+ if (in != null) {
+ KeyStore ks = null;
+ KeyManagerFactory kmf = null;
+ SSLContext sslcontext = null;
+ try {
+ ks = KeyStore.getInstance(KEYSTORE_TYPE);
+ ks.load(in, KEYSTORE_PASSWORD);
+ kmf = KeyManagerFactory.getInstance(KEYMANAGERFACTORY);
+ kmf.init(ks, KEY_PASSWORD);
+ sslcontext = SSLContext.getInstance(SSLCONTEXT_PROTOCOL);
+ sslcontext.init(kmf.getKeyManagers(), null, null);
+ SSLSocketFactory sslFactory =
sslcontext.getSocketFactory();
+ hashHost.put(host, sslFactory);
+ log.info("KeyStore for SSL loaded OK and put host in map
("+host+")");
+ return sslFactory;
+ } catch (NoSuchAlgorithmException e) {
+ except=e;
+ } catch (KeyManagementException e) {
+ except=e;
+ } catch (KeyStoreException e) {
+ except=e;
+ } catch (UnrecoverableKeyException e) {
+ except=e;
+ } catch (CertificateException e) {
+ except=e;
+ } finally {
+ if (except != null){
+ log.error("Problem with SSL certificate",except);
+ }
+ IOUtils.closeQuietly(in);
+ }
+ } else {
+ throw new IOException("Unable to read keystore");
+ }
+ return null;
+ }
+ }
+
+ /**
+ * Negotiate a SSL connection.
+ *
+ * @param sock socket in
+ * @param host
+ * @return a new client socket over ssl
+ * @throws Exception if negotiation failed
+ */
+ private Socket startSSL(Socket sock, String host) throws IOException {
+ SSLSocketFactory sslFactory = getSSLSocketFactory(host);
+ SSLSocket secureSocket;
+ if (sslFactory != null) {
+ try {
+ secureSocket = (SSLSocket) sslFactory.createSocket(sock,
+ sock.getInetAddress().getHostName(), sock.getPort(),
true);
+ secureSocket.setUseClientMode(false);
+ if (log.isDebugEnabled()){
+ log.debug("SSL transaction ok with cipher: " +
secureSocket.getSession().getCipherSuite());
+ }
+ return secureSocket;
+ } catch (IOException e) {
+ log.error("Error in SSL socket negotiation: ", e);
+ throw e;
+ }
+ } else {
+ log.warn("Unable to negotiate SSL transaction, no keystore?");
+ throw new IOException("Unable to negotiate SSL transaction, no
keystore?");
+ }
+ }
+
+ /**
+ * Open the local certificate file.
+ *
+ * @return stream to key cert; null if there was a problem opening it
+ */
+ private InputStream getCertificate() {
+ File certFile = new File(CERT_DIRECTORY, CERT_FILE);
+ InputStream in = null;
+ final String certPath = certFile.getAbsolutePath();
+ if (certFile.exists() && certFile.canRead()) {
+ try {
+ in = new FileInputStream(certFile);
+ log.info("Opened Keystore file: "+certPath);
+ } catch (FileNotFoundException e) {
+ log.error("No server cert file found: "+certPath, e);
+ }
+ } else {
+ log.error("No server cert file found: "+certPath);
+ }
+ return in;
+ }
private SampleResult generateErrorResult(SampleResult result, Exception e)
{
if (result == null) {
Modified:
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/util/HTTPConstantsInterface.java
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/util/HTTPConstantsInterface.java?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
---
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/util/HTTPConstantsInterface.java
(original)
+++
jakarta/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/util/HTTPConstantsInterface.java
Wed Aug 5 23:58:28 2009
@@ -38,6 +38,7 @@
public static final String OPTIONS = "OPTIONS"; // $NON-NLS-1$
public static final String TRACE = "TRACE"; // $NON-NLS-1$
public static final String DELETE = "DELETE"; // $NON-NLS-1$
+ public static final String CONNECT = "CONNECT"; // $NON-NLS-1$
public static final String HEADER_AUTHORIZATION = "Authorization"; //
$NON-NLS-1$
public static final String HEADER_COOKIE = "Cookie"; // $NON-NLS-1$
public static final String HEADER_CONNECTION = "Connection"; // $NON-NLS-1$
Modified: jakarta/jmeter/trunk/xdocs/changes.xml
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/xdocs/changes.xml?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
--- jakarta/jmeter/trunk/xdocs/changes.xml (original)
+++ jakarta/jmeter/trunk/xdocs/changes.xml Wed Aug 5 23:58:28 2009
@@ -105,6 +105,7 @@
<h3>HTTP Samplers</h3>
<ul>
+<li>Bug 47622 - enable recording of HTTPS sessions</li>
</ul>
<h3>Other samplers</h3>
Modified: jakarta/jmeter/trunk/xdocs/usermanual/best-practices.xml
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/xdocs/usermanual/best-practices.xml?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
--- jakarta/jmeter/trunk/xdocs/usermanual/best-practices.xml (original)
+++ jakarta/jmeter/trunk/xdocs/usermanual/best-practices.xml Wed Aug 5
23:58:28 2009
@@ -95,10 +95,13 @@
If the browser works OK even if JMeter is not running, then the browser cannot
be using the proxy.
Some browsers ignore proxy settings for localhost or 127.0.0.1; try using the
local hostname or IP instead.
</p>
+<p>
+The error "unknown_ca" probably means that you are trying to record HTTPS, and
the browser has not accepted the
+JMeter Proxy server certificate.
+</p>
<!--TODO: Describe how to use this to record against one server[name]
and run against another. Actually, this particular example may be beter for
the HTTP Request Defaults...
a good similar example for the variables is http vs. https.-->
-<!--TODO: Hey! We need to mention that https is not supported and how to work
around that!-->
<!--SUMMARY of all TODO's above: we need some actual usage to identify best
practices
with this new features.-->
</section>
Modified: jakarta/jmeter/trunk/xdocs/usermanual/component_reference.xml
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
--- jakarta/jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
+++ jakarta/jmeter/trunk/xdocs/usermanual/component_reference.xml Wed Aug 5
23:58:28 2009
@@ -4233,8 +4233,6 @@
</component>
<component name="HTTP Proxy Server" index="§-num;.9.5" width="951"
height="611" screenshot="proxy_control.png">
-<note>The Proxy Server can only record HTTP traffic.
-It is not possible to record HTTPS (SSL) sessions; however there is an HTTPS
spoofing mode - see below.</note>
<description><p>The Proxy Server allows JMeter to watch and record your
actions while you browse your web application
with your normal browser. JMeter will create test sample objects and store
them
directly into your test plan as you go (so you can view samples interactively
while you make them).</p>
@@ -4243,8 +4241,21 @@
Select the WorkBench element in the tree, and right-click on this element to
get the
Add menu (Add --> Non-Test Elements --> HTTP Proxy Server).</p>
<p>
-You also need to set up your browser to use the JMeter proxy port as the proxy
for HTTP requests.
-Do not use JMeter as the proxy for any other request types - HTTPS, FTP, etc.
- as the JMeter proxy cannot handle them.
+You also need to set up your browser to use the JMeter proxy port as the proxy
for HTTP and HTTPS requests.
+Do not use JMeter as the proxy for any other request types - FTP, etc. - as
the JMeter proxy cannot handle them.
+</p>
+<p>
+When recording HTTPS, the JMeter proxy server uses a dummy certificate to
enable it to accept the SSL connection from
+the browser. This certificate is not one of the certificates that browsers
normally trust, and will not be for the
+correct host, so the browser should display a dialogue asking if you want to
accept the certificate or not. For example:
+<code>
+1) The server's name "www.example.com" does not match the certificate's name
+ "JMeter Proxy". Somebody may be trying to eavesdrop on you.
+2) The certificate for "JMeter Proxy" is signed by the unknown Certificate
Authority
+ "JMeter Proxy". It is not possible to verify that this is a valid
certificate.
+</code>
+You will need to accept the certificate in order to allow the JMeter Proxy to
intercept the SSL traffic in order to
+record it. You should only accept the certificate temporarily.
</p>
<note>
If your browser currently uses a proxy (e.g. a company intranet may route all
external requests via a proxy),
@@ -4258,6 +4269,7 @@
<property name="Name" required="No">Descriptive name for this
controller that is shown in the tree.</property>
<property name="Port" required="Yes">The port that the Proxy Server
listens to. 8080 is the default, but you can change it.</property>
<property name="Attempt HTTPS Spoofing" required="Yes">
+ [Note: HTTPS spoofing should no longer be required]
When you enable HTTPS spoofing, the following happens:
<ul>
<li>All matching (see below) http requests from the client are
turned into https (between the proxy
Modified: jakarta/jmeter/trunk/xdocs/usermanual/get-started.xml
URL:
http://svn.apache.org/viewvc/jakarta/jmeter/trunk/xdocs/usermanual/get-started.xml?rev=801473&r1=801472&r2=801473&view=diff
==============================================================================
--- jakarta/jmeter/trunk/xdocs/usermanual/get-started.xml (original)
+++ jakarta/jmeter/trunk/xdocs/usermanual/get-started.xml Wed Aug 5 23:58:28
2009
@@ -132,7 +132,7 @@
This is to allow the maximum flexibility in testing servers.</p>
<p>If the server requires a client certificate, this can be provided.</p>
<p>There is also the <complink name="SSL Manager"/>, for greater control of
certificates.</p>
-<note>The JMeter proxy server (see below) does not support recording SSL
(https).</note>
+<note>The JMeter proxy server (see below) supports recording HTTPS (SSL) in
versions after 2.3.4</note>
</subsection>
<subsection name="§-num;.2.5 JDBC Driver" anchor="opt_jdbc">
@@ -268,7 +268,7 @@
<p><b>Example</b>: jmeter -H my.proxy.server -P 8000 -u username -a password
-N localhost</p>
<p>Alternatively, you can use --proxyHost, --proxyPort, --username, and
--password</p>
<note>JMeter also has its own in-built <complink name="HTTP Proxy Server">HTTP
Proxy Server</complink>,
-which can be used for recording HTTP (but not HTTPS) browser sessions.
+which can be used for recording HTTP or HTTPS browser sessions.
This is not to be confused with the proxy settings described above, which are
used when JMeter makes HTTP or HTTPS requests itself.</note>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
