Comments (3)
I have exactly the same problem. If Peers have mutual TLS enabled, then somehow either in the connection.json file or by using custom Go code (from the fabric-sdk-go pkg), the client TLS certificates that are needed for the authentication against the Peers must be passed along. I am trying to do the second because I cannot find any examples of which fields must be added in the connection.json in order to be able to load the peer's client certificates.
from fabric-sdk-go.
same error here with the last two versions of fabric
docker image:
- tag 2.4 of hyperledger/fabric-tools, hyperledger/fabric-peer and hyperledger/fabric-orderer
- tag 2.3 of hyperledger/fabric-tools, hyperledger/fabric-peer and hyperledger/fabric-orderer
Error on fabric-sdk-go pkg
Failed to get network: Failed to create new channel client: event service creation failed: could not get chConfig cache reference: QueryBlockConfig failed: QueryBlockConfig failed: queryChaincode failed: Transaction processing for endorser [peer0.org1.example.com:7051]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer0.org1.example.com:7051]: connection is in TRANSIENT_FAILURE
Error on peer:
2022-10-12 01:03:25.267 UTC 1b3f ERRO [core.comm] ServerHandshake -> Server TLS handshake failed in 1.53156ms with error remote error: tls: bad certificate server=PeerServer remoteaddress=192.168.208.8:58410
2022-10-12 01:03:25.267 UTC [grpc] WarningDepth -> DEBU 022 [core]grpc: Server.Serve failed to complete security handshake from "192.168.208.8:58410": remote error: tls: bad certificate
from fabric-sdk-go.
This is not an error related to fabric per se. It is an connection error and it is related purely with fabric sdk go.
Peer expects a client certificate to be sent with the connection in order for peer to be able to verify that the client certificate is valid and has matched common names. Fabric sdk go unfortunately is a low level SDK. Meaning that we must provide a way to load client certificates during gRPC call.
I saw that the fabric-gateway (high level SDK) package allows you to create gRPC connection with peer and you can pass certificates directly during gRPC call. There is an example for that (but be careful, if you have an intermediate CA, you must change the AddCert() function with AppendCertsFromPEM(), because the first function add only one certificate to the certpool each time, but the second function adds the whole chain of trust) that is uploaded in the fabric-samples repository. The problem here is that is you used fabric sdk go to create a solution, you need to refactor everything.
Finally, I hope that a much more simpler way can be found, in order to be able to supply client certificates during the gRPC call using fabric sdk go, and to avoid all the refactoring with the fabric-gateway.
from fabric-sdk-go.
Related Issues (20)
- Does it support version 2.4 HOT 3
- The SDK cannot run on the MacOS Ventura
- Is there a tutorial to introduce how to implement 'fabric-ca-server/fabric-ca-client' functionality using this SDK like the official document HOT 2
- Adding an anchor peer nod on a channel with fabric-sdk-go
- How to fix hyperledger issue (undefined: discovery.ChaincodeCall) after updating go lang to 1.20? HOT 8
- fabric1.4 stub.delState deleted fail
- direct dependency cloudflare/cfssl has experimantal and dengerious dependency
- sanitizeCert failed the supplied identity is not valid: x509: certificate signed by unknown authority HOT 2
- Add support for go version 1.18+ HOT 2
- how to use this to create channel at fabric2.4 without orderer system channel HOT 5
- In Fabric 2.4, channels are created using Fabric-SDK-Go in a non-system channel way
- Transition CI from Azure Pipelines to GitHub Actions HOT 1
- The error occurred when using fabric-sdk-go client-side
- If the chaincode input and output functions have different packages but the same structure name then variable conflict issue in the chaincode HOT 1
- fix(deps): uncontrolled Resource Consumption in promhttp CVE-2022-21698
- Too many open files error with go sdk user register and enroll
- how to install and institate chaincode without system channel
- i know you will not click or answer... but i cant stop to ask ..T_T
- Potential Privacy leakage in the "move" function in example_cc.go
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fabric-sdk-go.