[prev in list] [next in list] [prev in thread] [next in thread]
List: grinder-development
Subject: [Grinder-development] =?windows-1256?q?HTTPConnection_Incorrectly?=
From: Nathan Hook <hooknc () hotmail ! com>
Date: 2010-03-19 23:19:07
Message-ID: SNT103-W37B6197A138E468AF4EDC2C12A0 () phx ! gbl
[Download RAW message or body]
My company's site uses a Unified Communication SSL Certificate from Digicert and \
causes the following exception in The Grinder when we try to access our site via SSL: \
Java exception calling TestRunner
request2.GET('http://xxxAlternative NameXXX');
File "C:\java\src\Grinder-Test\src\grinder.py", line 25, in __call__
Caused by: javax.net.ssl.SSLException: Name in certificate `xxxPrincipal \
Distinguished Namexxx' does not match host name `xxxAlternative NameXXX' at \
HTTPClient.HTTPConnection.checkCert(HTTPConnection.java:3549) at \
HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3110) at \
HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2876) at \
HTTPClient.HTTPResponse.handleResponse(HTTPResponse.java:775) at \
HTTPClient.HTTPResponse.getData(HTTPResponse.java:510) at \
net.grinder.plugin.http.HTTPRequest$AbstractRequest.getHTTPResponse(HTTPRequest.java:1222)
Below is a possible fix. The fix was not tested, or compiled.
Thank you for your time.
private static void checkCert(X509Certificate cert, String host)
throws IOException
{
String name;
try
{
name = ((sun.security.x509.X500Name) cert.getSubjectDN()).
getCommonName().toLowerCase();
}
catch (Throwable t)
{ return; } // Oh well, can't check the name in that case
if (checkCertPrincipal(cert, host) || checkCertAlternativeNames(cert, host))
return;
throw new SSLException("Name in certificate `" + name + "' does not " +
"match host name `" + host + "'");
}
private static boolean checkCertPrincipal(X509Certificate cert, String host) {
boolean result = false;
X500Principal x500Principal = cert.getSubjectX500Principal();
String name = x500Principal.getName();
name = name.toLowerCase();
if (Util.wildcardMatch(name, host)) {
result = true;
}
return result;
}
private static boolean checkCertAlternativeNames(X509Certificate cert, String \
host) {
boolean result = false;
Collection<List> alternativeNames = cert.getSubjectAlternativeNames();
for(List list : alternativeNames) {
String name = list.get(0);
name = name.toLowerCase();
if (Util.wildcardMatch(name, host)) {
result = true;
break;
}
}
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/210850553/direct/01/
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Grinder-development mailing list
Grinder-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/grinder-development
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic