Server TLS handshake failed

Time: 2021-03-23 15:00:56

Tags: node.js kubernetes hyperledger-fabric kubernetes-pod hyperledger-fabric-ca

Whenever my application tries to run gateway.connect(connectionProfile, connectionOptions);, I get the following errors:

error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0org1, url:grpcs://0.0.0.0:30012, connected:false, connectAttempted:true
error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0org1 url:grpcs://0.0.0.0:30012 timeout:3000
info: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0org1 due to Error: Failed to connect before the deadline on Endorser- name: peer0org1, url:grpcs://0.0.0.0:30012, connected:false, connectAttempted:true
error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0org2, url:grpcs://0.0.0.0:30015, connected:false, connectAttempted:true
error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0org2 url:grpcs://0.0.0.0:30015 timeout:3000
info: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0org2 due to Error: Failed to connect before the deadline on Endorser- name: peer0org2, url:grpcs://0.0.0.0:30015, connected:false, connectAttempted:true

In the peer logs, I see the following error messages:

[core.comm] ServerHandshake -> ERRO 06f Server TLS handshake failed in 2.895908ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52552
[core.comm] ServerHandshake -> ERRO 070 Server TLS handshake failed in 4.805823ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52560
[core.comm] ServerHandshake -> ERRO 071 Server TLS handshake failed in 2.988008ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52576
[core.comm] ServerHandshake -> ERRO 072 Server TLS handshake failed in 2.223583ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52598

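I am running my network on a local microk8s Kubernetes cluster. All peer and orderer pods have their own Service of type NodePort. I am also running my chaincode as an external service on pods, one per organization.

All certificates were generated with Fabric-CA: 1 TLS certificate for communication and 1 RCA for each organization.

I am not running my application on a pod; I just run node app.js

Here is my application code: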

async function funcName(...) {

    const wallet = await Wallets.newFileSystemWallet('path/to/wallet');

    const gateway = new Gateway();

    try {

        const userName = 'User1@org1.example.com';

        let connectionProfile = yaml.load(fs.readFileSync('./gateway/networkConnection.yaml', 'utf8'));

        let connectionOptions = {
            identity: userName,
            wallet: wallet,
            discovery: { enabled:true, asLocalhost: true }
        };

        await gateway.connect(connectionProfile, connectionOptions);
    ...

Here is my networkConnection.yaml:

---
name: "test-network"

x-type: "hlfv1"

description: "Description"

version: "1.0"

client:
  organization: Org1

channels:
  canalhash:
    orderers:
      - orderer1
      - orderer2
      - orderer3
      - orderer4
      - orderer5

    peers:
      peer0org1:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true

organizations:
  Org1:
    mspid: Org1MSP

    peers:
      - peer0org1

    certificateAuthorities:
      - rca-org1

  Org2:
    mspid: Org2MSP

    peers:
      - peer0org2

orderers:
  orderer1:
    url: grpcs://0.0.0.0:30017

    grpcOptions:
      ssl-target-name-override: orderer1

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer2:
    url: grpcs://0.0.0.0:30018

    grpcOptions:
      ssl-target-name-override: orderer2

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer3:
    url: grpcs://0.0.0.0:30019

    grpcOptions:
      ssl-target-name-override: orderer3

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer4:
    url: grpcs://0.0.0.0:30020

    grpcOptions:
      ssl-target-name-override: orderer4

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer5:
    url: grpcs://0.0.0.0:30021

    grpcOptions:
      ssl-target-name-override: orderer5

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

peers:
  peer0org1:
    url: grpcs://0.0.0.0:30012

    grpcOptions:
      ssl-target-name-override: peer0org1
      request-timeout: 120001

    tlsCACerts:
      path: /home/network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls-ca/tls-ca-cert.pem

  peer0org2:
    url: grpcs://0.0.0.0:30015
    grpcOptions:
      ssl-target-name-override: peer0org2
      request-timeout: 120001

    tlsCACerts:
      path: /home/network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls-ca/tls-ca-cert.pem

certificateAuthorities:
  rca-org1:
    url: https://0.0.0.0:30009
    httpOptions:
      verify: false
    tlsCACerts: 
      path: /home/storage/rca-org1/crypto/ca-cert.pem

    registrar:
      - enrollId: admin
        enrollSecret: adminpw
    caName: rca-org1

  rca-org2:
    url: https://0.0.0.0:30010
    httpOptions:
      verify: false
    tlsCACerts:
      path: /home/storage/rca-org1/crypto/ca-cert.pem
    registrar:
      - enrollId: admin
        enrollSecret: adminpw
    caName: rca-org2

  tls-ca:
    url: https://0.0.0.0:30007
    httpOptions:
      verify: false
    tlsCACerts:
      path: /home/storage/tls-ca/crypto/ca-cert.pem
    registrar:
      - enrollId: tls-ca-admin
        enrollSecret: tls-ca-adminpw
    caName: tls-ca

Does anyone know what is causing these errors? If more information about my network is needed, please ask and I will edit my question with it.
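A triage aid for the peer log quoted above, as an added example that is not part of the original post: it groups the handshake failures by rejecting listener, caller address and cause, so it is clear which side's certificate and which trust store to inspect. The function names and cause labels are made up for this example, and the last sample line is constructed for contrast.

```javascript
// Added example, not from the original post.
// First four lines: the peer log quoted in the question. Last line: constructed for contrast.
const PEER_LOG = [
  '[core.comm] ServerHandshake -> ERRO 06f Server TLS handshake failed in 2.895908ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52552',
  '[core.comm] ServerHandshake -> ERRO 070 Server TLS handshake failed in 4.805823ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52560',
  '[core.comm] ServerHandshake -> ERRO 071 Server TLS handshake failed in 2.988008ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52576',
  '[core.comm] ServerHandshake -> ERRO 072 Server TLS handshake failed in 2.223583ms with error tls: failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52598',
  '[core.comm] ServerHandshake -> ERRO 0a1 Server TLS handshake failed in 1.2ms with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.0.0.5:40000',
];

// Fields as they appear in the question's log:
// error text, server=<listener>, remoteaddress=<ip>:<port>.
const HANDSHAKE_RE =
  /ServerHandshake -> ERRO \w+ Server TLS handshake failed in \S+ with error (.+?) server=(\S+) remoteaddress=([^\s:]+):\d+/;

// Map the TLS error text to which side rejected which certificate.
function classify(reason) {
  if (reason.includes('failed to verify client certificate')) {
    // The listener asked for a client certificate (mutual TLS) and rejected it.
    return reason.includes('unknown authority')
      ? 'client-cert-untrusted-issuer' // issuer is not among the listener's client root CAs
      : 'client-cert-invalid';         // e.g. expired or otherwise unusable
  }
  if (reason.startsWith('remote error:')) return 'rejected-by-remote'; // caller sent the alert
  return 'other';
}

// Group failures by (listener, caller IP, cause); the source port changes on every retry.
function triage(lines) {
  const groups = new Map();
  for (const line of lines) {
    const m = HANDSHAKE_RE.exec(line);
    if (!m) continue; // not a handshake-failure line
    const [, reason, server, remoteIp] = m;
    const cause = classify(reason);
    const key = `${server}|${remoteIp}|${cause}`;
    const g = groups.get(key) || { server, remoteIp, cause, count: 0 };
    g.count += 1;
    groups.set(key, g);
  }
  return [...groups.values()].sort((a, b) => b.count - a.count);
}

console.table(triage(PEER_LOG));
```

For the quoted lines, the rejecting listener is ChaincodeServer and the rejected caller is 192.168.15.6, so the items to compare are the issuer of the TLS client certificate that caller presents and the client root CAs that listener is configured to trust.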

0 answers:

No answers