wiremock: SSL exceptions when proxying requests

Bug reports

We’re a lot more likely to look at and fix bugs that are clearly described and reproduceable. Please including the following details when reporting a bug:

  • Which version of WireMock you’re using: 2.26.3
  • How you’re starting and configuring WireMock, including configuration or CLI the command line: docker-compose to run wiremock and Dockerfile to build wiremock image are provided in github repo
  • A failing test case that demonstrates the problem: there are two curl commands in the readme file. Please run it one by one couple times.

Hello, First of all, thank you all for the awesome software! I have an issue when using wiremock together with haproxy which is responsible for proxying all requests (not mocked in wiremock ones). I created a small simple docker compose file for you to test it: https://github.com/AnCh7/wiremock-haproxy It consist of:

  1. Wiremock Dockerfile with healthcheck and proxy-all mappings.
  2. Haproxy config file (pretty simple configuration)
  3. Docker compose file and readme file with information how to run it and error that I am getting. Usually, if you run same curl command twice, you can get this error first time, but never second. So please run these to curl commands one by one.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

OK, I can replicate this now if I run your script. Having tinkered with it a little it seems that making requests with different Host values in short succession triggers the issue, so there may be something in the hypothesis that this is something WireMock related.

I’m going to keep looking, anyway,

+2
tomakehurst on Jun 10, 2020

Connection reuse by the proxy client has now been completely disabled in 55490cec33dee35c031a53e13b94fd7a9c37fa16

+1
tomakehurst on May 6, 2021

Good news. I am going to try it this week and I will let u know how it works. Thank you!

+1
AnCh7 on Jun 22, 2020

OK, I’ve found the problem.

When preserveHostHeader is set, WireMock copies the original host header to a header on the proxy request, but this isn’t sufficient on its own for the Apache HTTP client to treat it as a distinct route from a connection pooling perspective. So it’s attempting to reuse the connection from a call to one domain for another.

You can work around this for now by disabling connection reuse via a system property in the WireMock startup command: -Dhttp.keepAlive=false.

Edit: previous version of this comment contained a patch that turned out not to be correct.

+1
tomakehurst on Jun 22, 2020

Nope, I’d have posted on here if I did.

If you want to do your own debugging, then I’d suggest you start by looking in ProxyResponseRenderer, as this is where the forwarded requests get made.

+1
tomakehurst on Jun 17, 2020
Read more comments on GitHub
← wiremock: Slow response times
wiremock: Verify request with duplicate query params →