Comments (47)
What is the exact use case?
from vegeta.
At the BBC we have a number of web services using SSL encryption (HTTPS) which the client can only communicate through with an SSL cert. JMeter and Tsung support such certification, but I am looking for a tool where I can write tests as code (not XML). I don't know enough about Go to add it in myself, but I intend to learn Go as I eventually want to contribute to an OS load-test tool.
from vegeta.
This functionality can be added relatively easily. I'll try to find the time to do it soon.
from vegeta.
Many Thanks.
from vegeta.
@AidyLewis: Please download the latest release and let me know if it solves your problem.
from vegeta.
Tested an endpoint without cert and I received a handshake failure in the results.
Tried a P12 which gave a bad cert.
converted p12 => pem with this command
$ openssl pkcs12 -nodes -in cert.p12 -out cert.pem
Again, I received a handshake failure.
using:
$ vegeta attack -duration=10s -rate=10 -targets=targets.txt -output=results.bin -cert=dev-cert.pem
I will try another .pem.
@AidyLewis
from vegeta.
Please include the inputs and outputs of your test runs. I suggest you run it as such:
echo "GET https://$HOSTNAME:$PORT" | vegeta attack -cert="$CERT" -duration=1s -rate=10 | tee results.bin | vegeta report
from vegeta.
Hi,
I've attempted every conceivable way of converting a p12 to pem.
echo "GET https://api.stage.bbc.co.uk/locator/locations?order=importance&s=NW9%207NT&a=true" | vegeta attack -cert="dev-cert.pem" -duration=1s -rate=10 | tee results.bin | vegeta report
2014/09/09 17:30:56 Vegeta is attacking 1 targets in random order for 1s...
2014/09/09 17:30:57 Done! Writing results to 'stdout'...
Requests [total] 10
Duration [total] 899.647219ms
Latencies [mean, 50, 95, 99, max] 107.159577ms, 20.537454ms, 280.954271ms, 280.954271ms, 382.503234ms
Bytes In [total, mean] 0, 0.00
Bytes Out [total, mean] 0, 0.00
Success [ratio] 0.00%
Status Codes [code:count] 0:10
Error Set:
Get https://api.stage.bbc.co.uk/locator/locations?order=importance&s=NW9%207NT&a=true: remote error: handshake failure
from vegeta.
I am no expert in openssl but have you converted the certificate with the following?
openssl pkcs12 -in cert.p12 -passin pass:password -out cert.pem
I presume you are able to connect to your server with openssl
directly. Is that the case?
from vegeta.
I have not forgotten about this, I'll re-attempt it again this afternoon.
from vegeta.
Hi,
I have managed to curl on the dev svn repo which uses ssl
curl --cert dev-cert.pem --cacert ca.pem https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/bake-scripts/set-up
But still unable to use the vegeta cert switch:
echo "GET https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/bake-scripts/set-up" | vegeta attack -cert="dev-cert.pem" -duration=1s -rate=10 | tee results.bin | vegeta report
....
Error Set:
Get https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/bake-scripts/set-up: remote error: handshake failure
Many Thanks
Aidy
from vegeta.
Historically, there have been a number of issues with SSL code in the Go standard library. I can only attempt to solve this if your provide me with a certificate to debug with.
from vegeta.
Hi @tsenart
It is impossible for me to provide you with a BBC cert, so the options are:
- I create a web application that uses SSL certification and generate my own certs
- Try to debug it myself.
I am learning Go at the moment, so I will have a go at debugging it myself (but it may take some time).
Many Thanks
Aidy
ps https://github.com/BBC/load-test-artefacts#vegeta
from vegeta.
I see in your tests you have a cert.pem and a key.pem. Do I need to pass these files separately? Also do I not need a ca.pem?
from vegeta.
What do you mean, you have to pass these files directly? Have a look at http://golang.org/pkg/crypto/tls/#LoadX509KeyPair which would be used for a server.
from vegeta.
It looks like we need to pass the public cert file and the private key separately. I currently have them bundled in one pem.
So wouldn't we need to do:
-certs public-cert.pem, private-key.pem
Which then get passed into LoadX509KeyPair function?
Aidy
from vegeta.
vegeta does not support ssl client certs.
See https://golang.org/pkg/crypto/tls/#Config
// Certificates contains one or more certificate chains
// to present to the other side of the connection.
// Server configurations must include at least one certificate.
Certificates []Certificate
but vegeta sets:
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
RootCAs *x509.CertPool
from vegeta.
@pascalhofmann: Contributions welcome! I'm quite busy the following weeks... :-)
from vegeta.
Sorry, I'm very busy too. :(
I ended up deactivating the client certificate check for the load testing…
from vegeta.
Is this just a matter of swapping the correct library in?
from vegeta.
@aidylewis: Would you mind building this branch and trying it out?
from vegeta.
Hi @tsenart
Brilliant. I will test it out tomorrow, while I am at work.
from vegeta.
@aidylewis: Any luck?
from vegeta.
I have been off sick with a cold. Will check first thing today. Many apologies.
from vegeta.
Oh please, don't apologize for that! Get well soon!
On Tue, 17 Nov 2015 at 08:33, aidylewis [email protected] wrote:
I have been off sick with a cold. Will check first thing today. Many
apologies.—
Reply to this email directly or view it on GitHub
#63 (comment).
from vegeta.
What would you consider to be the best way to install a branch? I was thinking of go getting the master, switching to the cert branch, and then doing an install.
from vegeta.
Made your life easier: https://github.com/tsenart/vegeta/releases/tag/v6.0.0-pre
from vegeta.
good man
from vegeta.
I can connect through wget, but not through vegata
$ Downloads wget --certificate=dev-cert.pem "https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/project.json"
--2015-11-17 14:09:51-- https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/project.json
Resolving repo.dev.bbc.co.uk... 212.58.247.19
Connecting to repo.dev.bbc.co.uk|212.58.247.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 175 [text/plain]
Saving to: 'project.json'
project.json 100%[=====================================================================================================================================================================>] 175 --.-KB/s in 0s
2015-11-17 14:09:51 (4.91 MB/s) - 'project.json' saved [175/175]
$ Downloads echo "GET https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/project.json" | ./vegeta attack -duration=2s -cert=dev-cert.pem | tee results.bin | ./vegeta report
Requests [total, rate] 100, 50.51
Duration [total, attack, wait] 6.043667687s, 1.97999991s, 4.063667777s
Latencies [mean, 50, 95, 99, max] 5.004173227s, 5.019698473s, 5.847646365s, 5.982105909s, 6.009408941s
Bytes In [total, mean] 0, 0.00
Bytes Out [total, mean] 0, 0.00
Success [ratio] 0.00%
Status Codes [code:count] 0:100
Error Set:
Get https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/project.json: remote error: handshake failure
from vegeta.
OK, let's try to figure this out over chat: https://gitter.im/tsenart/vegeta
from vegeta.
After @tsenart fix, I converted a p12 to a pem with the openssl command:
openssl pkcs12 -nodes -in /path/to/my/cert.p12 -out /pathto/my/cert.pem
This bundles the private key and public cert in the pem.
I then ran:
echo "GET https://whatever" | ./vegeta attack -duration=2s -cert=dev-cert.p12 -key=dev-cert.12 | tee results.bin | ./vegeta report
from vegeta.
@aidylewis: Can you download the pre release binaries again and try to use it without specifying the -key
flag?
from vegeta.
OK
from vegeta.
Yep, works
Downloads echo "GET https://repo.dev.bbc.co.uk/load-test-team/cloud-load-test/trunk/project.json" | ./vegeta attack -duration=2s -cert=dev-cert.pem | tee results.bin | ./vegeta report
Requests [total, rate] 100, 50.51
Duration [total, attack, wait] 2.042449332s, 1.979999923s, 62.449409ms
Latencies [mean, 50, 95, 99, max] 63.527419ms, 60.675998ms, 79.496796ms, 100.795968ms, 125.271955ms
Bytes In [total, mean] 17500, 175.00
Bytes Out [total, mean] 0, 0.00
Success [ratio] 100.00%
Status Codes [code:count] 200:100
Error Set:
Thanks for all you help @tsenart
from vegeta.
Great! :)
from vegeta.
And sorry for taking more than a year (!!!) to fix this.
from vegeta.
Hi @tsenart
I am receiving this error on a site: "x509: certificate signed by unknown authority"
Do I need to pass a ca.pem as well?
from vegeta.
That means that site's certificate isn't signed by any of the trusted CAs in your system. If you open that site in your browser, is it trusted?
from vegeta.
Good point. No.
from vegeta.
Well, then, what is the expected behaviour for you? Would you want a flag that disables certificate verification?
from vegeta.
I was too shy to ask, but that'd be nice.
In return I could write a BBC technology blog that includes Vegeta if you were interested and I don't mind giving a recurring "tip" as a thank you for your work.
from vegeta.
Hehe, don't be shy! You didn't need to offer me such thing, but I won't say
no :-) I'll try to have something ready by tomorrow.
On Thu, 26 Nov 2015 at 19:44, aidylewis [email protected] wrote:
I was too shy to ask, but that'd be nice.
In return I could write a BBC technology blog that includes Vegeta if you
were interested and I don't mind giving a recurring "tip" as a thank you
for your work.—
Reply to this email directly or view it on GitHub
#63 (comment).
from vegeta.
I'll ping you offline about the blog.
from vegeta.
Hi @tsenart
I cannot find your email on the internet. Mine is adrian dot lewis at bbc dot co dot uk.
from vegeta.
Even i am facing the same issue ."x509: certificate has expired or is not yet valid: current time". Tried accepting the certificates through browser to make it trusted but it didnt . Is the disable SSL verification option available in vegeta. Can you please calrify
from vegeta.
@sattishv I believe the flag that you need to disable SSL verification is insecure
. Set -insecure=true
and that should work for you.
from vegeta.
from vegeta.
Related Issues (20)
- Not that easy to install in a Github action? HOT 4
- Vegeta not working with ipv6 hosts HOT 3
- Panic in performance test HOT 2
- Add easyjson to ReadMe HOT 1
- Vegeta does not honour the connections flag when rate is 0 HOT 4
- add binaries download for windows 10/11 HOT 1
- Prometheus + Grafana Integration not working HOT 3
- Immediately stop vegeta while using go client HOT 4
- Add support for HAProxy ProxyProtocol
- I am getting a lot of HTTP zero in the results, how can I troubleshoot it?
- Latency is not being reported correctly on windows.
- How to change x-axis for the vegeta realtime?
- Why can’t I test this local custom domain name mapping service?
- ipv6 is being used on a client machine when not supported HOT 1
- Can the latest version be published on Go packages? HOT 1
- Officially call json input format JSON Lines? HOT 1
- keepalive flag isnt working HOT 6
- Limiting total number of requests HOT 4
- vegeta unable to write to files with -output
- TCP sockets opened lower than requested number of connections HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vegeta.