javax.net.ssl.SSLPeerUnverifiedException:使用 JMeter 进行负载测试时对等方未通过身份验证 [英] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated when load testing with JMeter

问题描述

所以我设置了 JMeter 来测试我的启用 SSL 的站点(我有一个来自 Geotrust 的真实证书，而不是一个自签名证书)，当我尝试直接从雄猫.我得到:

So I have JMeter setup to test my SSL-enabled site (I've got a real certificate from Geotrust, not a self-signed cert) and I've been running into problems when I try testing an SSL connection directly from Tomcat. I get:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:277)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1060)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1049)
    at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:442)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:271)
    at java.lang.Thread.run(Thread.java:680)

每当我尝试连接时.这是将 JMeter 2.7 与 HttpClient4 实现一起使用.这是对我托管在 Tomcat 7 上的一项服务的简单 GET 请求(对于任何感兴趣的人，都是 7.0.27).

whenever I try to connect. This is using JMeter 2.7 with the HttpClient4 implementation. It is a simple GET request to one of my services hosted on Tomcat 7 (7.0.27 for anyone interested).

这是我的 SSL 连接器的 Tomcat 配置.请注意，我安装了 APR/native，它在 EC2 上的 Ubuntu 12.04 服务器上运行.

Here is my Tomcat config for my SSL connector. Note that I have APR/native installed and this is running on an Ubuntu 12.04 server up on EC2.

<Connector port="8443" maxHttpHeaderSize="8192"
           protocol="HTTP/1.1" 
           URIEncoding="UTF-8" 
           acceptorThreadCount="5"
           maxThreads="400" 
           scheme="https"
           secure="true"
           SSLEnabled="true"
           SSLCipherSuite="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
           SSLHonorCipherOrder="true"
           SSLVerifyClient="optional"
           SSLCertificateFile="/etc/tomcat7/ssl/star.example.com.crt"
           SSLCertificateKeyFile="/etc/tomcat7/ssl/star.example.com.key"
           SSLCertificateChainFile="/etc/tomcat7/ssl/geotrust.crt" />

同样，这只是 JMeter 的一个问题.我可以使用任何浏览器毫无问题地访问该站点，如果我将 Apache 放在 Tomcat 前面并使用 mod_proxy 或 mod_jk，我就没有问题.任何帮助将不胜感激.

Again this is just a problem with JMeter. I can hit the site without issue using any browsers, and if I stick Apache in front of Tomcat and use either mod_proxy or mod_jk, I have no issues. Any help would be appreciated.

推荐答案

在您的最后一条评论之后，我设法重现了证书与您的主机不匹配以及与您的主机匹配的证书的问题.

After your last comment, I managed to reproduce issue with certificate not matching your host AND with the one matching your host.

您似乎正面临 Java 6 中的错误.实际上，我使用 JMeter 2.7 重现了 JDK6 的问题，但没有重现 JDK7 的问题.

It seems you are facing a bug in Java 6. Indeed I reproduce issue with JDK6 but not in JDK7 with JMeter 2.7.

为了记录这个，我在这里打开了错误:

To record this I opened bug here:

• https://issues.apache.org/bugzilla/show_bug.cgi?id=53922

这里和 Oleg 给了我关于 JDK7 的提示:

And here and Oleg gave me the hint about JDK7 :

• https://issues.apache.org/jira/browse/HTTPCLIENT-1234

进一步分析您的配置，它可能来自您的自定义 tomcat7 配置:

Analysing further your configuration it might be coming from your custom tomcat7 config:

SSLCipherSuite="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
SSLHonorCipherOrder="true"

也许您可以尝试进行更改，但无论如何它都适用于 JDK7，因此您有自己的解决方案.

Maybe you could try a change, but anyway it works with JDK7 so you have your solution.

非常感谢您提出这个公开可用的 URL 来测试问题.

Thanks very much for proposing this publicly available URL to test issue.

谢谢

这篇关于javax.net.ssl.SSLPeerUnverifiedException:使用 JMeter 进行负载测试时对等方未通过身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！