[FAB-8246] Make orderer mutual TLS conf consistent

The peer turns on mutual TLS with clientAuthRequired, while the orderer turns on mutual TLS with ClientAuthEnabled. This is inconsistent, and as it's a v1.1 feature, may be safely fixed without worry for backwards compatability. Change-Id: Ic3c2817177df0dae6e76bc3d6c8cd965d0502d40 Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
hyperledger · Feb 13, 2018 · 448917b · 448917b
1 parent 8e98cdc
commit 448917b
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 29 deletions.
diff --git a/examples/cluster/config/orderer.yaml b/examples/cluster/config/orderer.yaml
@@ -34,7 +34,7 @@ General:
         Certificate: tls/server.crt
         RootCAs:
           - tls/ca.crt
-        ClientAuthEnabled: false
+        ClientAuthRequired: false
         ClientRootCAs:
 
     # Log Level: The level at which to log. This accepts logging specifications

diff --git a/orderer/common/localconfig/config.go b/orderer/common/localconfig/config.go
@@ -97,12 +97,12 @@ type Keepalive struct {
 
 // TLS contains configuration for TLS connections.
 type TLS struct {
-	Enabled           bool
-	PrivateKey        string
-	Certificate       string
-	RootCAs           []string
-	ClientAuthEnabled bool
-	ClientRootCAs     []string
+	Enabled            bool
+	PrivateKey         string
+	Certificate        string
+	RootCAs            []string
+	ClientAuthRequired bool
+	ClientRootCAs      []string
 }
 
 // Authentication contains configuration parameters related to authenticating

diff --git a/orderer/common/server/main.go b/orderer/common/server/main.go
@@ -136,7 +136,7 @@ func initializeServerConfig(conf *config.TopLevel) comm.ServerConfig {
 	// secure server config
 	secureOpts := &comm.SecureOptions{
 		UseTLS:            conf.General.TLS.Enabled,
-		RequireClientCert: conf.General.TLS.ClientAuthEnabled,
+		RequireClientCert: conf.General.TLS.ClientAuthRequired,
 	}
 	// check to see if TLS is enabled
 	if secureOpts.UseTLS {

diff --git a/orderer/common/server/main_test.go b/orderer/common/server/main_test.go
@@ -79,12 +79,12 @@ func TestInitializeServerConfig(t *testing.T) {
 	conf := &config.TopLevel{
 		General: config.General{
 			TLS: config.TLS{
-				Enabled:           true,
-				ClientAuthEnabled: true,
-				Certificate:       "main.go",
-				PrivateKey:        "main.go",
-				RootCAs:           []string{"main.go"},
-				ClientRootCAs:     []string{"main.go"},
+				Enabled:            true,
+				ClientAuthRequired: true,
+				Certificate:        "main.go",
+				PrivateKey:         "main.go",
+				RootCAs:            []string{"main.go"},
+				ClientRootCAs:      []string{"main.go"},
 			},
 		},
 	}
@@ -131,12 +131,12 @@ func TestInitializeServerConfig(t *testing.T) {
 					&config.TopLevel{
 						General: config.General{
 							TLS: config.TLS{
-								Enabled:           true,
-								ClientAuthEnabled: true,
-								Certificate:       tc.certificate,
-								PrivateKey:        tc.privateKey,
-								RootCAs:           []string{tc.rootCA},
-								ClientRootCAs:     []string{tc.clientCertificate},
+								Enabled:            true,
+								ClientAuthRequired: true,
+								Certificate:        tc.certificate,
+								PrivateKey:         tc.privateKey,
+								RootCAs:            []string{tc.rootCA},
+								ClientRootCAs:      []string{tc.clientCertificate},
 							},
 						},
 					})
@@ -255,8 +255,8 @@ func TestInitializeGrpcServer(t *testing.T) {
 			ListenAddress: host,
 			ListenPort:    uint16(port),
 			TLS: config.TLS{
-				Enabled:           false,
-				ClientAuthEnabled: false,
+				Enabled:            false,
+				ClientAuthRequired: false,
 			},
 		},
 	}
@@ -280,8 +280,8 @@ func TestUpdateTrustedRoots(t *testing.T) {
 			ListenAddress: "localhost",
 			ListenPort:    uint16(port),
 			TLS: config.TLS{
-				Enabled:           false,
-				ClientAuthEnabled: false,
+				Enabled:            false,
+				ClientAuthRequired: false,
 			},
 		},
 	}
@@ -309,10 +309,10 @@ func TestUpdateTrustedRoots(t *testing.T) {
 			ListenAddress: "localhost",
 			ListenPort:    uint16(port),
 			TLS: config.TLS{
-				Enabled:           true,
-				ClientAuthEnabled: true,
-				PrivateKey:        filepath.Join(".", "testdata", "tls", "server.key"),
-				Certificate:       filepath.Join(".", "testdata", "tls", "server.crt"),
+				Enabled:            true,
+				ClientAuthRequired: true,
+				PrivateKey:         filepath.Join(".", "testdata", "tls", "server.key"),
+				Certificate:        filepath.Join(".", "testdata", "tls", "server.crt"),
 			},
 		},
 	}

diff --git a/sampleconfig/orderer.yaml b/sampleconfig/orderer.yaml
@@ -34,7 +34,7 @@ General:
         Certificate: tls/server.crt
         RootCAs:
           - tls/ca.crt
-        ClientAuthEnabled: false
+        ClientAuthRequired: false
         ClientRootCAs:
 
     # Keepalive settings for the GRPC server.