Improvements and alignment to JMeter for SSL KeyStore and TrustStore support.#112
Open
3dgiordano wants to merge 4 commits into
Open
Improvements and alignment to JMeter for SSL KeyStore and TrustStore support.#1123dgiordano wants to merge 4 commits into
3dgiordano wants to merge 4 commits into
Conversation
Baraujo25
approved these changes
Jun 10, 2026
diego-ferrand
approved these changes
Jun 10, 2026
3dgiordano
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request enhances SSL/TLS handling in the HTTP Jetty client for JMeter, focusing on robust and accurate support for filesystem keystore/truststore configuration, improved parity with JMeter’s SSLManager, and better test coverage for PKIX and trust-all scenarios. The main changes include introducing a utility for keystore path/type resolution, updating the SSL context factory to use this utility and override trust manager behavior, and adding comprehensive tests to verify these behaviors.
Keystore and Truststore Path/Type Resolution:
SslStorePathResolverutility to convertjavax.net.ssl.*store paths to Jetty-compatiblefile:URIs and to resolve keystore/truststore types based on file extension or system properties, matching JMeter’s logic.JMeterJettySslContextFactoryto useSslStorePathResolverfor setting keystore/truststore paths and types, including logging for debugging and handling of PKCS#11/NONE sentinel values. [1] [2]Trust Manager Handling and JMeter Parity:
getTrustManagersinJMeterJettySslContextFactoryto ensure that when "trust all" is enabled, Jetty usesTRUST_ALL_CERTS, preventing unwanted PKIX validation even when a keystore is configured, thus matching JMeter’s behavior.Logging and Debugging Improvements:
Test Coverage and Infrastructure:
JMeterJettySslContextFactoryto verify correct construction with file-based and PKCS#11 keystores, and to check trust manager behavior.SslPkixSimulationTest) to reproduce PKIX failures and verify that the new trust manager override logic prevents them, ensuring successful handshakes and HTTP/2 requests when expected.These changes significantly improve the reliability and correctness of SSL/TLS configuration and validation in the HTTP/2 Jetty client for JMeter, particularly in complex or edge-case environments.
References:
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]