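Hyperledger Fabric: TLS handshake failed, error tls

Question  Votes: 0  Answers: 1

I have set up a network with a Raft ordering service (5 orderers), 2 organizations and one peer, with both TLS and client authentication enabled. I have created the channel and joined it successfully, but when updating the anchor peer from the CLI to the orderer, I get a TLS handshake failed error, and I am also unable to create a second channel because of the same error. Apart from this TLS error, I am very confused about why I was able to create the first channel; an incorrect configuration must surely be causing this.

CLI commands: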

export ORDERER_CA=crypto/ordererOrganizations/example.com/tlsca/ca-chain.pem
export CLIENT_KEY_FILE=crypto/peerOrganizations/org1.example.com/users/[email protected]/tls/client.key
export CLIENT_CERT_FILE=crypto/peerOrganizations/org1.example.com/users/[email protected]/tls/client.pem

*Worked: peer channel create -o orderer0.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls --cafile $ORDERER_CA --clientauth --keyfile $CLIENT_KEY_FILE --certfile $CLIENT_CERT_FILE

*Worked: peer channel join -b muchannel.block

*FAILED: peer channel update -o orderer0.example.com:7050 -c mychannel -f ./channel-artifacts/anchors_channel.tx --tls --cafile $ORDERER_CA --clientauth --keyfile $CLIENT_KEY_FILE --certfile $CLIENT_CERT_FILE

CLI yaml configuration:

- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.pem
- CORE_PEER_TLS_KEY_FILE=crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=crypto/peerOrganizations/org1.example.com/tlsca/ca-chain.pem 
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_TLS_CLIENTCERT_FILE=crypto/peerOrganizations/org1.example.com/users/[email protected]/tls/client.pem 
- CORE_PEER_TLS_CLIENTKEY_FILE=crypto/peerOrganizations/org1.example.com/users/[email protected]/tls/client.key

Orderer yaml configuration:

- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key 
- ORDERER_GENERAL_TLS_CERTIFICATE=crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[crypto/ordererOrganizations/example.com/tls/ca-chain.pem] 
- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
- ORDERER_GENERAL_TLS_CLIENTROOTCAS=[crypto/ordererOrganizations/example.com/tlsca/ca-chain.pem,crypto/peerOrganizations/org1.example.com/tlsca/ca-chain.pem,crypto/peerOrganizations/org2.example.com/tlsca/ca-chain.pem] 
hyperledger-fabric tls1.2
1 Answer
0 votes

Try running the command in the CLI container with the following environment:

export CORE_PEER_ADDRESS=orderer.example.com:7050
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/[email protected]/msp
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
export CHANNEL_NAME=mychannel

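This is because issuing a channel update transaction requires updating the channel configuration file, which, according to your current policy, must be signed by an admin of the orderer organization.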
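
An added diagnostic sketch for the mutual-TLS setup in the question (not code from the post or from the Fabric project): it lists the CA bundle files a TLS variable names, reports any that are missing on disk, and checks whether a client certificate chains to at least one of them. The function names and the base-directory argument are assumptions; the sample lines are constructed from the orderer configuration quoted above.

```shell
#!/bin/sh
# Constructed sample: TLS trust settings copied from the question's orderer
# configuration (same list syntax as on the page).
sample_orderer_env() {
cat <<'EOF'
- ORDERER_GENERAL_TLS_ROOTCAS=[crypto/ordererOrganizations/example.com/tls/ca-chain.pem]
- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
- ORDERER_GENERAL_TLS_CLIENTROOTCAS=[crypto/ordererOrganizations/example.com/tlsca/ca-chain.pem,crypto/peerOrganizations/org1.example.com/tlsca/ca-chain.pem,crypto/peerOrganizations/org2.example.com/tlsca/ca-chain.pem]
EOF
}

# Print, one per line, the files listed in NAME=[a,b,c] (env lines on stdin).
bundle_paths() {  # $1 = variable name (hypothetical helper)
  sed -n "s/^[[:space:]-]*$1=//p" | sed 's/[][ ]//g' | tr ',' '\n' | sed '/^$/d'
}

# Print the listed bundle paths that are not readable under base dir $2.
missing_bundles() {  # $1 = variable name, $2 = base dir; env lines on stdin
  bundle_paths "$1" | while IFS= read -r p; do
    [ -r "$2/$p" ] || printf '%s\n' "$p"
  done
}

# Succeed if PEM certificate $1 verifies against at least one bundle whose
# path arrives on stdin. A quick approximation of the chain check the server
# performs on a client certificate; requires the openssl CLI.
chains_to_any() {  # $1 = certificate, $2 = base dir; bundle paths on stdin
  while IFS= read -r p; do
    openssl verify -CAfile "$2/$p" "$1" </dev/null >/dev/null 2>&1 && return 0
  done
  return 1
}

# Typical use from the directory that contains crypto/ (orderer-env.txt is an
# assumed file holding the orderer's environment lines):
#   missing_bundles ORDERER_GENERAL_TLS_ROOTCAS . < orderer-env.txt
#   bundle_paths ORDERER_GENERAL_TLS_CLIENTROOTCAS < orderer-env.txt \
#     | chains_to_any "$CLIENT_CERT_FILE" . || echo "client cert not trusted"
```

Run the same two checks in the other direction as well: the orderer's server certificate against the bundle passed as `--cafile`.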
