gatling-3.0.0：javax.net.ssl.SSLHandshakeException：收到致命警报：bad_certificate

Question

我在 SBT 中使用 Gatling 3.0.0 作为插件，然后当我在 sbt 中使用 gatling:startRecorder 启动记录器并尝试访问我的网站 @ 987654322@火狐显示

Did Not Connect: Potential Security Issue
Firefox detected a potential security threat and did not continue to www.mydomain.com because this website requires a secure connection.

www.mydomain.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site 

这里是异常日志

ioEventLoopGroup-2-1] DEBUG io.netty.handler.ssl.util.InsecureTrustManagerFactory - Accepting a server certificate: CN=www.mydomain.com
14:44:55.604 [nioEventLoopGroup-4-2] DEBUG io.gatling.recorder.http.Mitm$ - Open new server channel
14:44:55.607 [nioEventLoopGroup-4-1] WARN io.netty.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
    at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:672)
    at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:627)
    at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:443)
    at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:422)
    at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634)
    at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
    ... 16 common frames omitted
14:44:55.609 [recorder-akka.actor.default-dispatcher-4] DEBUG io.gatling.recorder.http.flows.SecuredNoProxyMitmActor - Server channel 6acf48e4 was closed while in Connected state, closing
14:44:55.622 [recorder-akka.actor.default-dispatcher-2] DEBUG io.gatling.recorder.http.flows.PlainNoProxyMitmActor - serverChannel=8d7b2171 received init request http://detectportal.firefox.com/success.txt, connecting
14:44:55.622 [recorder-akka.actor.default-dispatcher-2] DEBUG io.gatling.recorder.http.flows.PlainNoProxyMitmActor - Connecting to Remote(detectportal.firefox.com,80)
14:44:55.629 [recorder-akka.actor.default-dispatcher-4] INFO akka.actor.RepointableActorRef - Message [io.gatling.recorder.http.flows.MitmMessage$ClientChannelInactive] without sender to Actor[akka://recorder/user/$a#-1754914561] was not delivered. [1] dead letters encountered. If this is not an expected behavior, then [Actor[akka://recorder/user/$a#-1754914561]] may have terminated unexpectedly, This logging can be turned off or adjusted with configuration settings 'akka.log-dead-letters' and 'akka.log-dead-letters-during-shutdown'.
14:44:55.655 [nioEventLoopGroup-2-2] DEBUG io.gatling.recorder.http.Mitm$ - Open new client channel

Answer 1

您是如何在 Firefox 中配置代理的？您是否只有 http 或 https 的代理？如果您还代理 https 请求，那么在记录器设置中，您需要将“HTTPS 模式”切换为“证书颁发机构”。将有一个按钮生成新的证书授权文件，您需要将其导入浏览器（首选项/隐私和安全/证书/查看证书/导入）。之后，您的浏览器将知道它可以信任 Gatling 代理服务器，并且您应该也可以代理 ssl 请求。