Hyperledger Fabric SDK无法启动TLS握手

时间:2019-04-03 13:02:21

标签: ssl hyperledger-fabric hyperledger

我正在尝试获取一个小型golang应用程序以连接到Hyperledger Fabric网络。该网络基于官方的超级账本结构样本之一,称为“第一网络”。它由他们的“ byfn.sh”脚本启动,并运行功能末尾2端测试。该测试直接使用具有所有有效加密材料的“ cli”容器直接执行命令。

但是,我尝试使用fabric-sdk-go进行查询或创建Tx。我根据官方文档和在网上找到的示例创建了一个连接配置文件。

sdk, err := fabsdk.New(config.FromFile("../integrity-network/connection-profile.yaml"))
...
clientChannelContext := sdk.ChannelContext("integrity-channel", fabsdk.WithUser("Admin@org1.example.com"), fabsdk.WithOrg("Org1"))

可以读取配置文件并创建SDK实例,但是创建通道上下文失败,peer0中的org1告诉我:first record does not look like a TLS handshake

对于在连接配置文件中必须提供的加密材料,我有些困惑,但是基于在线示例,我认为它应该是正确的:

x-type: "hlfv1"
description: "Connection profile for our integrity network."
version: "1.0"
client:
  organization: org1
  logging:
    level: debug
  cryptoconfig:
    path: ../integrity-network/crypto-config/
  credentialStore:
    path: "/tmp/state-store"
    cryptoStore:
      path: /tmp/msp
  tlsCerts:
    systemCertPool: false
    client:
      key:
        path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.key
      cert:
        path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.crt
channels:
    integrity-channel:
      orderers:
        - orderer.example.com
      peers:
        peer0.org1.example.com:
          endorsingPeer: true
          chaincodeQuery: true
          ledgerQuery: true
          eventSource: true
        peer1.org1.example.com:
          endorsingPeer: true
          chaincodeQuery: true
          ledgerQuery: true
          eventSource: true

organizations:
  OrdererOrg:
    mspid: OrdererOrg
    cryptoPath: crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp
    adminPrivateKey:
      path: ../integrity-network/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp/keystore/f6dc3f715ffd9547e5ff5e3e08d5ac17f1e2b09968d2daba9e7a9a4e374a2fb1_sk
    signedCert:
      path: ../integrity-network/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp/signcerts/Admin@example.com-cert.pem
  Org1:
    mspid: Org1MSP
    cryptoPath: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
    peers:
      - peer0.org1.example.com
      - peer1.org1.example.com
    adminPrivateKey:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/25117a9fcadf7b40ed7dcd29b7a478ca86728e564a8388aa889a5de71dec5df8_sk
    signedCert:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem
    users:
      Admin@org1.example.com:
        key:
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/25117a9fcadf7b40ed7dcd29b7a478ca86728e564a8388aa889a5de71dec5df8_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem
      User1@org1.example.com:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/keystore/e318dc3e94283337e3089673c8aca07ce0d6cc8ffdb03984ab2de11ec7ac11dd_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/User1@org1.example.com-cert.pem
  Org2:
    mspid: Org2MSP
    cryptoPath: crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
    peers:
      - peer0.org2.example.com
      - peer1.org2.example.com
    adminPrivateKey:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/078fca0bf56b77656f745e62100a1fd7d55f5d2c2925b6180daac49b67e64f0d_sk
    signedCert:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem
    users:
      Admin@org2.example.com:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/078fca0bf56b77656f745e62100a1fd7d55f5d2c2925b6180daac49b67e64f0d_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem
      User1@org2.example.com:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/keystore/3fee22d1537bc40b5e3d036919e3651976a92e42df5725983400a4012f5bc138_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/signcerts/User1@org2.example.com-cert.pem

orderers:
  orderer.example.com:
    url: grpc://localhost:7050
    grpcOptions:
      ssl-target-name-override: orderer.example.com

peers:
  peer0.org1.example.com:
    url: grpc://localhost:7051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
  peer1.org1.example.com:
    url: grpc://localhost:8051
    grpcOptions:
      ssl-target-name-override: peer1.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
  peer0.org2.example.com:
    url: grpc://localhost:9051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
  peer1.org2.net.ink.tum.de:
    url: grpc://localhost:10051
    grpcOptions:
      ssl-target-name-override: peer1.org2.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem

注意:出于某些原因,我需要users部分,否则我会得到一个user not found。我在网上找到的大多数示例都没有包含该部分。

1 个答案:

答案 0 :(得分:1)

您需要在对等URL中使用grpcs

peers:
  peer0.org1.example.com:
    url: grpcs://localhost:7051