feat(connector-iroha): add tls encryption #2202
Signed-off-by: yashrajdesai <yashrajdesai30@gmail.com>
@baziorek @petermetz Please help to test the TLS connection.
This PR is related to the issue: #1251
@yashrajdesai Please try specifying the protocol prior to the hostname as
If you are using the default Iroha docker container, you are probably using the default config files. The default config is here:
https://github.com/hyperledger/iroha/blob/main/example/config.docker
The default config does not contain TLS configuration, so you need to add it to the file:
"torii_tls_params": {
  "port": 55552,
  "key_pair_path": "/path/to/server"
}
according to the documentation:
https://iroha.readthedocs.io/en/develop/configure/torii-tls.html#configuring-irohad
I assume that the file would be here:
/opt/iroha_data/config.docker
Just change the file before starting the Iroha container and everything should work.
@@ -685,8 +685,10 @@ export class PluginLedgerConnectorIroha | |||
const irohaHostPort = `${baseConfig.irohaHost}:${baseConfig.irohaPort}`; |
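Review bot: on the `const irohaHostPort` context line the endpoint is still built from the single baseConfig.irohaPort field, so nothing visible here selects a different port when TLS is requested. Either document that callers must set irohaPort to the port from torii_tls_params when they supply TLS options, or add a dedicated TLS port field and choose between the two at this line.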
There is a different port for a normal (not TLS) connection and a TLS connection.
Those settings are in the config file:
https://iroha.readthedocs.io/en/develop/configure/index.html
- torii_port is for normal connection
- "torii_tls_params": {
    "port": 55552,
    "key_pair_path": "/path/to/server"
  }
  is for TLS
- for normal connection there is
@@ -81,6 +83,8 @@ test(testCase, async (t: Test) => { | |||
postgresHost: postgresHost, | |||
postgresPort: postgresPort, | |||
logLevel: logLevel, | |||
tlsCert: "/opt/iroha_data/torii_tls/server", | |||
tlsKey: "/opt/iroha_data/torii_tls/server", | |||
}); |
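Review bot: tlsCert and tlsKey are given the identical value "/opt/iroha_data/torii_tls/server", so as written the certificate and the private key resolve to the same path. If these options are file paths, pass the two distinct files; if they are a shared prefix in the style of Iroha's key_pair_path, a single option or a doc comment naming the suffixes that get appended would make that explicit. Nothing in these lines shows the ledger container being started with torii_tls_params, so the test should also assert that the connection is actually made over TLS.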
Adding certificates does not make the Iroha server use them; you need to set those paths and the port in the config file:
"torii_tls_params": {
  "port": 55552,
  "key_pair_path": "/path/to/server"
}
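The configuration check the review comments above describe, as an added example that is not part of the original PR or the Cactus code base. It assumes, per the linked Torii TLS documentation, that irohad appends `.crt` and `.key` to `key_pair_path`; `checkToriiTls`, `fileExists` and the sample values are hypothetical.

```typescript
// Added example (not from the PR): checks an irohad config for the TLS settings the reviewer asks for.
// Assumption: irohad appends ".crt" and ".key" to key_pair_path, as the linked Torii TLS docs describe.
type ToriiTlsParams = { port?: number; key_pair_path?: string };
type IrohadConfig = { torii_port?: number; torii_tls_params?: ToriiTlsParams };
type TlsCheck = { ok: boolean; tlsPort: number | null; files: string[]; problems: string[] };

// fileExists is injected so the check can run against the local disk or a container file listing.
function checkToriiTls(config: IrohadConfig, fileExists: (path: string) => boolean): TlsCheck {
  const problems: string[] = [];
  const files: string[] = [];
  const tls = config.torii_tls_params;
  if (tls === undefined) {
    // Certificates on disk change nothing if the config never names them.
    problems.push("torii_tls_params missing: no TLS port is configured");
    return { ok: false, tlsPort: null, files, problems };
  }
  const port = tls.port;
  if (typeof port !== "number" || Math.floor(port) !== port || port < 1 || port > 65535) {
    problems.push("torii_tls_params.port must be an integer in 1..65535");
  } else if (port === config.torii_port) {
    problems.push("torii_tls_params.port must differ from torii_port");
  }
  const prefix = tls.key_pair_path;
  if (typeof prefix !== "string" || prefix.length === 0) {
    problems.push("torii_tls_params.key_pair_path missing");
  } else {
    for (const ext of [".crt", ".key"]) {
      files.push(prefix + ext);
      if (!fileExists(prefix + ext)) problems.push("not found: " + prefix + ext);
    }
  }
  const ok = problems.length === 0;
  return { ok, tlsPort: ok && typeof port === "number" ? port : null, files, problems };
}

// Constructed sample inputs: torii_port 50051 and the file listing are illustrative values.
const onDisk: string[] = ["/opt/iroha_data/torii_tls/server.crt", "/opt/iroha_data/torii_tls/server.key"];
const exists = (p: string): boolean => onDisk.indexOf(p) !== -1;
const tlsConfig: IrohadConfig = {
  torii_port: 50051,
  torii_tls_params: { port: 55552, key_pair_path: "/opt/iroha_data/torii_tls/server" },
};
console.log(checkToriiTls({ torii_port: 50051 }, exists).problems);
console.log(checkToriiTls(tlsConfig, exists));
```

The returned `tlsPort` is the port a client must dial for TLS; the plain `torii_port` stays plaintext.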
@yashrajdesai @baziorek Closing this for now because we are tidying up stale PRs in the queue. Feel free to re-open anytime in the future!
Enable TLS encryption in the Iroha-cactus connector plugin.
Referred: https://iroha.readthedocs.io/en/develop/configure/torii-tls.html
Signed-off-by: yashrajdesai <yashrajdesai30@gmail.com>