[FAB-9736] TLS config should not be required

When we call loadTLSCerts() to cache TLS CA certs, configuration initialization fails if no TLS CA is specified for any configured node. It should just log a message and continue as TLS is not mandatory. Change-Id: I2dc1530d5100a81510b617d75e6675b29ec4acc8 Signed-off-by: Divyank Katira <Divyank.Katira@securekey.com>
hyperledger · Apr 26, 2018 · 0c8195c · 0c8195c
1 parent 4e62454
commit 0c8195c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 24 deletions.
diff --git a/pkg/client/channel/invoke/txnhandler.go b/pkg/client/channel/invoke/txnhandler.go
@@ -154,11 +154,13 @@ func (c *CommitTxHandler) Handle(requestContext *RequestContext, clientContext *
 		requestContext.Response.TxValidationCode = txStatus.TxValidationCode
 
 		if txStatus.TxValidationCode != pb.TxValidationCode_VALID {
-			requestContext.Error = status.New(status.EventServerStatus, int32(txStatus.TxValidationCode), "received invalid transaction", nil)
+			requestContext.Error = status.New(status.EventServerStatus, int32(txStatus.TxValidationCode),
+				"received invalid transaction", nil)
 			return
 		}
 	case <-requestContext.Ctx.Done():
-		requestContext.Error = errors.New("Execute didn't receive block event")
+		requestContext.Error = status.New(status.ClientStatus, status.Timeout.ToInt32(),
+			"Execute didn't receive block event", nil)
 		return
 	}
 

diff --git a/pkg/core/config/testdata/config_test_embedded_pems.yaml b/pkg/core/config/testdata/config_test_embedded_pems.yaml
@@ -439,22 +439,6 @@ peers:
       #will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
       allow-insecure: false
     tlsCACerts:
-      # pem supersedes path
-      pem: |
-        -----BEGIN CERTIFICATE-----
-        MIICNjCCAdygAwIBAgIRAILSPmMB3BzoLIQGsFxwZr8wCgYIKoZIzj0EAwIwbDEL
-        MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
-        cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l
-        eGFtcGxlLmNvbTAeFw0xNzA3MjgxNDI3MjBaFw0yNzA3MjYxNDI3MjBaMGwxCzAJ
-        BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh
-        bmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh
-        bXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQfgKb4db53odNzdMXn
-        P5FZTZTFztOO1yLvCHDofSNfTPq/guw+YYk7ZNmhlhj8JHFG6dTybc9Qb/HOh9hh
-        gYpXo18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMB
-        Af8EBTADAQH/MCkGA1UdDgQiBCBxaEP3nVHQx4r7tC+WO//vrPRM1t86SKN0s6XB
-        8LWbHTAKBggqhkjOPQQDAgNIADBFAiEA96HXwCsuMr7tti8lpcv1oVnXg0FlTxR/
-        SQtE5YgdxkUCIHReNWh/pluHTxeGu2jNCH1eh6o2ajSGeeizoapvdJbN
-        -----END CERTIFICATE-----
       path:
       #path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
 

diff --git a/pkg/fab/endpointconfig.go b/pkg/fab/endpointconfig.go
@@ -17,6 +17,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/hyperledger/fabric-sdk-go/pkg/common/errors/multi"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/errors/status"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/logging"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
@@ -83,7 +84,7 @@ func ConfigFromBackend(coreBackend ...core.ConfigBackend) (fab.EndpointConfig, e
 	// is expensive
 	certs, err := config.loadTLSCerts()
 	if err != nil {
-		return nil, errors.WithMessage(err, "could not load TLS certs")
+		logger.Infof("could not cache TLS certs", err.Error())
 	}
 	if _, err := config.TLSCACertPool(certs...); err != nil {
 		return nil, errors.WithMessage(err, "cert pool load failed")
@@ -1066,29 +1067,33 @@ func (c *EndpointConfig) verifyPeerConfig(p fab.PeerConfig, peerName string, tls
 
 func (c *EndpointConfig) loadTLSCerts() ([]*x509.Certificate, error) {
 	var certs []*x509.Certificate
+	errs := multi.Errors{}
+
 	orderers, err := c.OrderersConfig()
 	if err != nil {
-		return nil, err
+		errs = append(errs, err)
 	}
 	peers, err := c.NetworkPeers()
 	if err != nil {
-		return nil, err
+		errs = append(errs, err)
 	}
 	for _, peer := range peers {
 		cert, err := peer.TLSCACerts.TLSCert()
 		if err != nil {
-			return nil, err
+			errs = append(errs, errors.WithMessage(err, "for peer: "+peer.URL))
+			continue
 		}
 		certs = append(certs, cert)
 	}
 	for _, orderer := range orderers {
 		cert, err := orderer.TLSCACerts.TLSCert()
 		if err != nil {
-			return nil, err
+			errs = append(errs, errors.WithMessage(err, "for orderer: "+orderer.URL))
+			continue
 		}
 		certs = append(certs, cert)
 	}
-	return certs, nil
+	return certs, errs.ToError()
 }
 
 // Client returns the Client config