[FAB-8407] Fix TLS bad cert error

Fabric CA sample fails with TLS error when running against latest 1.1 code because orderer was expecting client certificate but was not receiving on during TLS handshake. This change set fixes the problem by specifying --clientauth, --keyfile and --certfile command line arguments to the peer commands that need to communicate with orderer, like 'peer channel create'. Change-Id: I34ad39c919c0121916116c3711c7429009db7fc8 Signed-off-by: Anil Ambati <aambati@us.ibm.com>
hyperledger · Feb 21, 2018 · e379ac5 · e379ac5
1 parent 24f35c1
commit e379ac5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/fabric-ca/scripts/env.sh b/fabric-ca/scripts/env.sh
@@ -233,6 +233,7 @@ function initPeerVars {
  # Point the non-anchor peers to the anchor peer, which is always the 1st peer
  export CORE_PEER_GOSSIP_BOOTSTRAP=peer1-${ORG}:7051
  fi
+ export ORDERER_CONN_ARGS="$ORDERER_PORT_ARGS --keyfile $CORE_PEER_TLS_CLIENTKEY_FILE --certfile $CORE_PEER_TLS_CLIENTCERT_FILE"
 }
 
 # Switch to the current org's admin identity. Enroll if not previously enrolled.

diff --git a/fabric-ca/scripts/run-fabric.sh b/fabric-ca/scripts/run-fabric.sh
@@ -25,7 +25,7 @@ function main {
  # Set ORDERER_PORT_ARGS to the args needed to communicate with the 1st orderer
  IFS=', ' read -r -a OORGS <<< "$ORDERER_ORGS"
  initOrdererVars ${OORGS[0]} 1
- ORDERER_PORT_ARGS="-o $ORDERER_HOST:7050 --tls --cafile $CA_CHAINFILE"
+ export ORDERER_PORT_ARGS="-o $ORDERER_HOST:7050 --tls --cafile $CA_CHAINFILE --clientauth"
 
  # Convert PEER_ORGS to an array named PORGS
  IFS=', ' read -r -a PORGS <<< "$PEER_ORGS"
@@ -48,7 +48,7 @@ function main {
  initPeerVars $ORG 1
  switchToAdminIdentity
  logr "Updating anchor peers for $PEER_HOST ..."
- peer channel update -c $CHANNEL_NAME -f $ANCHOR_TX_FILE $ORDERER_PORT_ARGS
+ peer channel update -c $CHANNEL_NAME -f $ANCHOR_TX_FILE $ORDERER_CONN_ARGS
  done
 
  # Install chaincode on the 1st peer in each org
@@ -62,7 +62,7 @@ function main {
  initPeerVars ${PORGS[1]} 1
  switchToAdminIdentity
  logr "Instantiating chaincode on $PEER_HOST ..."
- peer chaincode instantiate -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "$POLICY" $ORDERER_PORT_ARGS
+ peer chaincode instantiate -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "$POLICY" $ORDERER_CONN_ARGS
 
  # Query chaincode from the 1st peer of the 1st org
  initPeerVars ${PORGS[0]} 1
@@ -73,7 +73,7 @@ function main {
  initPeerVars ${PORGS[0]} 1
  switchToUserIdentity
  logr "Sending invoke transaction to $PEER_HOST ..."
- peer chaincode invoke -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}' $ORDERER_PORT_ARGS
+ peer chaincode invoke -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}' $ORDERER_CONN_ARGS
 
  ## Install chaincode on 2nd peer of 2nd org
  initPeerVars ${PORGS[1]} 2
@@ -116,7 +116,7 @@ function createChannel {
  initPeerVars ${PORGS[0]} 1
  switchToAdminIdentity
  logr "Creating channel '$CHANNEL_NAME' on $ORDERER_HOST ..."
- peer channel create --logging-level=DEBUG -c $CHANNEL_NAME -f $CHANNEL_TX_FILE $ORDERER_PORT_ARGS
+ peer channel create --logging-level=DEBUG -c $CHANNEL_NAME -f $CHANNEL_TX_FILE $ORDERER_CONN_ARGS
 }
 
 # Enroll as a fabric admin and join the channel
@@ -213,12 +213,12 @@ function installChaincode {
 
 function fetchConfigBlock {
  logr "Fetching the configuration block of the channel '$CHANNEL_NAME'"
- peer channel fetch config $CONFIG_BLOCK_FILE -c $CHANNEL_NAME $ORDERER_PORT_ARGS
+ peer channel fetch config $CONFIG_BLOCK_FILE -c $CHANNEL_NAME $ORDERER_CONN_ARGS
 }
 
 function updateConfigBlock {
  logr "Updating the configuration block of the channel '$CHANNEL_NAME'"
- peer channel update -f $CONFIG_UPDATE_ENVELOPE_FILE -c $CHANNEL_NAME $ORDERER_PORT_ARGS
+ peer channel update -f $CONFIG_UPDATE_ENVELOPE_FILE -c $CHANNEL_NAME $ORDERER_CONN_ARGS
 }
 
 function createConfigUpdatePayloadWithCRL {