[FAB-6974] Decouple peer native TLS and shim
Background:
A common "known problem" is a misconfiguration of the peer which ripples to the chaincode shim, and then prevents the shim from connecting to the peer, when TLS is enabled. This is due to the fact that the TLS certificate SAN needs to match the configuration, but this is impossible in some cases, and tricky in other cases.

Another aspect is that the chaincode container shouldn't actually use organizational credentials to connect to the peer, since the chaincode is logically an extension of the peer and managed by it, and not by the organization.

This change set:
- Removes the code that bakes the peer's TLS CA certificate into the docker image.
- Instead, it adds to the uploaded files at chaincode container startup, the TLS CA certificate that is self-signed by the peer at startup.
- It also makes the chaincode service use a TLS certificate that is signed by that CA's private key, with the same SAN that the peer passes to the chaincode shim at its startup.
- Changes the unit tests of the core/chaincode/accesscontrol to reflect the change, and imitate a chaincode shim that is given the TLS CA cert and the mock chaincode service to use a TLS certificate signed by the CA.

Change-Id: Ife1e2a42b163b5e2372a127f118eccff0027780c
Signed-off-by: yacovm <yacovm@il.ibm.com>
Showing 15 changed files with 154 additions and 211 deletions.
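The scheme the commit message describes, as an added Go example that is not code from this commit or from Fabric: a CA created in memory at startup issues a server certificate whose SAN is the address handed to the client, and the client trusts only that CA and checks the name it dials. The function names, the host name `peer0.example.internal` and the use of Ed25519 keys are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func sign(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil { // no issuer given: self-sign (this is the ephemeral CA)
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// IssueForSAN (hypothetical helper) returns a fresh CA and a server certificate it signed for DNS name san.
func IssueForSAN(san string) (ca, leaf *x509.Certificate, err error) {
	nb, na := time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "ephemeral-ca"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na,
		DNSNames: []string{san}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	ca, caKey, err := sign(caTmpl, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	leaf, _, err = sign(leafTmpl, ca, caKey)
	return ca, leaf, err
}

func main() {
	if ca, leaf, err := IssueForSAN("peer0.example.internal"); err == nil {
		roots := x509.NewCertPool() // the client trusts only the injected CA
		roots.AddCert(ca)
		fmt.Println(leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "localhost"}))
	}
}
```

`main` dials under a name the certificate does not carry, so verification fails with a hostname error; dialing the SAN that was issued succeeds, which is why the SAN and the address given to the client must come from the same source.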