Re: Curl-loader certificate handling [SEC=UNCLASSIFIED]

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Security:[SEC=UNCLASSIFIED]

Thanks Frank , 
you were correct about the IP addresses.  I didn't realize that they had to be valid routable addresses within our network.  It is connecting fine now.

>>> <Fra...@ma...> 10/02/09 16:38 >>>
Hi Ivor,

There is no issue for curl-loader to fetch https:// URL's with selfsigned 
ceritifcates. I used curl-loader against a SSL-apache2 with self-signed 
certs just fine.
curl-loader does not check for certificates, it applies the equivalent of 
curl -k:
loader.c:  curl_easy_setopt (handle, CURLOPT_SSL_VERIFYPEER, 0);
loader.c:  curl_easy_setopt (handle, CURLOPT_SSL_VERIFYHOST, 0);

However I fouond the most likely reasons for getting a URL timeout:
1. Your source IP's do not match. Before specifying any additional IP's 
set the local interface IP first as the only one and try it. I.e. if eth0=
194.90.71.215, set:

IP_ADDR_MIN=194.90.71.215
IP_ADDR_MAX=194.90.71.215

2. Proxy issues. Depending on your environment, libcurl might or might not 
pick up the proxy. Check with curl-loader options -d -v -u the output of 
the log file and check especially that the target URL used by curl-loader 
is the one you intend to use. Set/unset the proxy using the libcurl 
environment variables or the -x option in curl-loader. 

Also, it is good to start with a non-forms html page, something as simple 
as a static index.html. This way you can narrow down the isses until your 
config works. Running a parallel tcpdump window to check the connection 
might help, too, although with SSL you don't see the data.

Best Regards,
Frank

"Ivor Oorloff" <ivo...@co...> 
02/10/2009 08:43 AM
Please respond to
curl-loader-devel <cur...@li...>

To
<cur...@li...>
cc

Subject
Curl-loader certificate handling [SEC=UNCLASSIFIED]

Security:[SEC=UNCLASSIFIED]

Hi,
I was hoping to find a way to use curl-loader for load testing https 
websites that have a "testing" server certificate.  ie. the server 
certificate is self generated with no valid or trusted root CA.   This can 
be achieved in curl with the -k or --insecure option which ignores CA 
confirmation.  Is there a way to trigger this option in curl-loader?

I have run the same URL in curl with the -k option and can access it with 
no problem.
However curl-loader will not access the site.  (Works fine for non-ssl 
sites)
Curl and Curl-loader appear to use the same libraries: -

oracle@cedar-dev:~/curl-loader-0.46> ldd curl-loader
        linux-gate.so.1 =>  (0xffffe000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7f6f000)
        libpthread.so.0 => /lib/libpthread.so.0 (0xb7f5a000)
        librt.so.1 => /lib/librt.so.1 (0xb7f51000)
        libz.so.1 => /lib/libz.so.1 (0xb7f3f000)
        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7f01000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7dd9000)
        libc.so.6 => /lib/libc.so.6 (0xb7cb7000)
        /lib/ld-linux.so.2 (0xb7f89000)
oracle@cedar-dev:~/curl-loader-0.46> which curl
/usr/bin/curl
oracle@cedar-dev:~/curl-loader-0.46> ldd /usr/bin/curl
        linux-gate.so.1 =>  (0xffffe000)
        libcurl.so.3 => /usr/lib/libcurl.so.3 (0xb7f7e000)
        libidn.so.11 => /usr/lib/libidn.so.11 (0xb7f4e000)
        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7f11000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7de9000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7de4000)
        libz.so.1 => /lib/libz.so.1 (0xb7dd2000)
        libc.so.6 => /lib/libc.so.6 (0xb7cb0000)
        /lib/ld-linux.so.2 (0xb7fc8000)

Curl-loader gets a timeout condition as below:-

cedar-dev:/apps/oracle/curl-loader-0.46 # more 
login_uas_logoff_cycling.log
0 1 (194.90.71.215)  :== Info: About to connect() to 
pssamembersuat.comsuper.gov
.au port 443 (#0)
: eff-url: , url: 
0 1 (194.90.71.215)  :== Info:   Trying 152.91.36.101... : eff-url: , url: 

0 1 (194.90.71.215)  :== Info: Bind local address to 194.90.71.215
: eff-url: , url: 
0 1 (194.90.71.215)  :== Info: Local port: 45786
: eff-url: , url: 
0 1 (194.90.71.215)  !! ERROR: Connection time-out
: eff-url: , url: 
0 1 (194.90.71.215)  :== Info: Closing connection #0
: eff-url: , url: 
cedar-dev:/apps/oracle/curl-loader-0.46 # 

Conf file is:

########### GENERAL SECTION ################################
BATCH_NAME=login_uas_logoff_cycling
CLIENTS_NUM_MAX = 1
INTERFACE=eth1 
NETMASK=24 
IP_ADDR_MIN=194.90.71.215
IP_ADDR_MAX=194.90.71.216
CYCLES_NUM= 1
URLS_NUM=2

########### URL SECTION ##################################

### Login URL -  only once for each client

# GET-part
URL= https://pssamembersuat.comsuper.gov.au/ICSLogin/?" 
https://pssamembersuat.co 
msuper.gov.au/comsuper_uat/members/login/_ac_login_p1/AC/_pid/login_p1?action=lo
gin"
URL_SHORT_NAME="Login-GET"
URL_DONT_CYCLE = 1
REQUEST_TYPE=GET
TIMER_URL_COMPLETION = 0 # In msec. Now it is enforced by cancelling url 
fetch o
n timeout 
TIMER_AFTER_URL_SLEEP =0

# POST-part
URL=""
URL_USE_CURRENT= 1
URL_SHORT_NAME="Login-POST"
URL_DONT_CYCLE = 1
USERNAME=100000001614011961
PASSWORD=123123
REQUEST_TYPE=POST
FORM_USAGE_TYPE= SINGLE_USER
FORM_STRING= username=%s&password=%s # Means the same credentials for all 
client
s/users
TIMER_URL_COMPLETION = 0 # In msec. Now it is enforced by cancelling url 
fetch o
n timeout 
TIMER_AFTER_URL_SLEEP =500

Any help would be appreciated.

Ivor

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with 
Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code 
to
build responsive, highly engaging applications that combine the power of 
local
resources and data with the reach of the web. Download the Adobe AIR SDK 
and
Ajax docs to start building applications 
today-http://p.sf.net/sfu/adobe-com
_______________________________________________
curl-loader-devel mailing list
cur...@li... 
https://lists.sourceforge.net/lists/listinfo/curl-loader-devel 

As a ComSuper employee, you are responsible for ensuring any email content you store or pass on, conforms to the ComSuper email policy and guidelines(as found on the ComSuper Intranet). You are also responsible for ensuring that any solicited email conforms to this policy, particularly those concerning official conduct. Further processing maybe undertaken to ensure email complies with ComSuper policy and guidelines. Please note that if you misuse the ComSuper IT computing facilities a formal investigation under the ComSuper procedures for Managing Breaches of APS Code of Conduct maybe instituted. In the event a breach is found, a range of possible sanctions apply, including possible termination of employment.