在尝试使用api创建频道时,我遇到了这个错误(我正在使用类似的示例来平衡布料示例的传输示例)
但是,我可以使用cli命令创建频道,安装,实例化和调用
我已经附上了错误的屏幕截图和我的网络配置文件enter image description here
-networkconfig.yaml-
#
网络连接配置文件向客户端应用程序提供有关目标的信息
应用程序与之交互所必需的区块链网络。这些都是
必须从带外源获取的知识。该文件提供了这样的来源。
名称:“业务连接”
#
任何带有“ x-”前缀的属性都将被视为特定于应用程序,就像命名方式一样
HTTP标头或swagger属性中的起作用。 SDK只会忽略这些字段并离开
用于处理应用程序。这是用于应用程序不同组件的机制
交换不属于以下描述的标准架构的信息。特别是
Hyperledger Composer使用以下带有“ hlfv1”值示例的“ x-type”属性
确定需要使用的Fabric网络的类型(v0.6与v1.0)。
x类型:“ hlfv1”
#
描述目标网络是/做什么。
描述:“ Business connect-POC”
#
内容的架构版本。 SDK用来应用相应的解析规则。
版本:“ 1.0”
#
将在每个组织的基础上添加客户端部分,请参见org1.yaml和org2.yaml
#
客户端:
#
[可选]。但是大多数应用程序都会有此部分,以便可以构造通道对象
根据以下内容。如果某个应用正在创建频道,则可能不需要此
部分。
channels:#通道内部通道的名称:
# Required. list of orderers designated by the application to use for transactions on this # channel. This list can be a result of access control ("org1" can only access "ordererA"), or # operational decisions to share loads from applications among the orderers. The values must # be "names" of orgs defined under "organizations/peers" orderers: - orderer1-htc # Required. list of peers from participating orgs peers: peer1-accounts: # [Optional]. will this peer be sent transaction proposals for endorsement? The peer must # have the chaincode installed. The app can also use this property to decide which peers # to send the chaincode install request. Default: true endorsingPeer: true # [Optional]. will this peer be sent query proposals? The peer must have the chaincode # installed. The app can also use this property to decide which peers to send the # chaincode install request. Default: true chaincodeQuery: true # [Optional]. will this peer be sent query proposals that do not require chaincodes, like # queryBlock(), queryTransaction(), etc. Default: true ledgerQuery: true # [Optional]. will this peer be the target of the SDK's listener registration? All peers can # produce events but the app typically only needs to connect to one to listen to events. # Default: true eventSource: true peer1-mgmt: endorsingPeer: false chaincodeQuery: true ledgerQuery: true eventSource: false peer1-project: endorsingPeer: false chaincodeQuery: true ledgerQuery: true eventSource: true # [Optional]. what chaincodes are expected to exist on this channel? The application can use # this information to validate that the target peers are in the expected state by comparing # this list with the query results of getInstalledChaincodes() and getInstantiatedChaincodes() chaincodes: # the format follows the "cannonical name" of chaincodes by fabric code - mycontract-v0.1
#
此网络中参与组织的列表
组织:htc:
mspid: htcMSP orderer: - orderer1-htc certificateAuthorities: - ica-htc accounts: mspid: accountsMSP peers: - peer1-accounts # [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based # network. Typically certificates provisioning is done in a separate process outside of the # runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for # dynamic certificate management (enroll, revoke, re-enroll). The following section is only for # Fabric-CA servers. certificateAuthorities: - ica-accounts # [Optional]. If the application is going to make requests that are reserved to organization # administrators, including creating/updating channels, installing/instantiating chaincodes, it # must have access to the admin identity represented by the private key and signing certificate. # Both properties can be the PEM string or local path to the PEM file. Note that this is mainly for # convenience in development mode, production systems should not expose sensitive information # this way. The SDK should allow applications to set the org admin identity via APIs, and only use # this route as an alternative when it exists. adminPrivateKey: path: network/data/orgs/accounts/admin/msp/keystore/accounts_sk signedCert: path: network/data/orgs/accounts/admin/msp/signcerts/cert.pem
#个人资料将包含有关组织的公共信息 除了它所属的那个。 #这些是必要的信息 使事务生命周期有效,包括MSP ID和#个对等体 使用公共URL发送交易建议。该文件不会 包含保留给会员的私人#信息 组织,例如管理密钥和证书,#fabric-ca 注册商注册ID和机密等。mgmt: mspid:mgmtMSP 同行: -peer1-mgmt certificateAuthorities: -ica-mgmt adminPrivateKey: 路径:网络/数据/组织/ mgmt / admin / msp / keystore / mgmt_sk 签名证书: 路径:network / data / orgs / mgmt / admin / msp / signcerts / cert.pem项目: mspid:项目MSP 同行: -peer1项目 certificateAuthorities: -ICA项目 adminPrivateKey: 路径:network / data / orgs / project / admin / msp / keystore / project_sk 签名证书: 路径:network / data / orgs / project / admin / msp / signcerts / cert.pem
#
要发送交易和频道创建/更新请求的订购者列表。暂时
只需要一个订购者。如果定义了多个,则
将使用哪个SDK是特定于实现的。请查阅每个SDK的文档以了解如何处理订单。
orderers:orderer1-htc:
url: grpcs://localhost:7050 # these are standard properties defined by the gRPC library # they will be passed in as-is to gRPC client constructor grpcOptions: ssl-target-name-override: orderer1-htc tlsCACerts: path: network/data/htc.crt
#
要向其发送各种请求的对等方列表,包括认可,查询
和事件侦听器注册。
peers:peer1帐户:
# this URL is used to send endorsement and query requests url: grpcs://localhost:7051 grpcOptions: ssl-target-name-override: peer1-accounts tlsCACerts: path: network/data/accounts.crt
peer1-mgmt: 网址:grpcs:// localhost:8051 grpcOptions: ssl-target-name-override:peer1-mgmt tlsCACerts: 路径:network / data / mgmt.crt
peer1-project: 网址:grpcs:// localhost:9051
grpcOptions: ssl-target-name-override: peer1-project tlsCACerts: path: network/data/project.crt
#
Fabric-CA是Hyperledger Fabric提供的一种特殊的证书颁发机构,它允许
证书管理通过REST API完成。应用程序可以选择使用标准
证书颁发机构而不是Fabric-CA,在这种情况下将不指定此部分。
certificateAuthorities:ica-htc:
url: http://localhost:1054 httpOptions: verify: false tlsCACerts: path: network/data/htc-ca-cert.pem registrar: - enrollId: ica-htc-admin enrollSecret: ica-htc-adminpw # [Optional] The optional name of the CA. caName: ica-htc ica-accounts: url: http://localhost:7054 # the properties specified under this object are passed to the 'http' client verbatim when # making the request to the Fabric-CA server httpOptions: verify: false tlsCACerts: path: network/data/accounts-ca-chain.pem # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is # needed to enroll and invoke new users. registrar: - enrollId: ica-accounts-admin enrollSecret: ica-accounts-adminpw # [Optional] The optional name of the CA. caName: ica-accounts
ica-mgmt: 网址:http://localhost:8054 httpOptions: 验证:错误 tlsCACerts: 路径:network / data / mgmt-ca-chain.pem 注册商: -enrollId:ica-mgmt-admin 秘密注册:ica-mgmt-adminpw #[可选] CA的可选名称。 caName:ica-mgmt
ica项目: 网址:http://localhost:9054 httpOptions: 验证:错误 tlsCACerts: 路径:network / data / project-ca-chain.pem 注册商: -enrollId:ica-project-admin 秘密注册:ica-project-adminpw #[可选] CA的可选名称。 caName:ica-project
答案 0 :(得分:1)
好像您在TLS握手中收到主机名验证错误。在您的设置中
# this URL is used to send endorsement and query requests
url: grpcs://localhost:7051
grpcOptions:
ssl-target-name-override: peer1-accounts
tlsCACerts:
path: network/data/accounts.crt
您正在呼叫localhost
,但是将替代设置为peer1-accounts
。您在URL中使用的主机名必须与对等方使用的TLS证书中的SAN之一匹配,或者为ssl-target-name-override
设置的任何值都必须与TLS证书中的SAN之一匹配。
您可以使用openssl打印证书的详细信息:
openssl x509 -noout -text -in path-to-tls-cert
答案 1 :(得分:0)
此问题与防火墙中的块有关。当我在防火墙上禁用 SSL 检查时,它又工作了,没问题