config submitter part 2 #298
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DorKatzelnick
force-pushed
the
configSubmitter2
branch
from
08e65db to
4e5dc6c
Compare
DorKatzelnick
force-pushed
the
configSubmitter2
branch
from
4e5dc6c to
2755521
Compare
HagarMeir
reviewed
Oct 15, 2025
HagarMeir
reviewed
Oct 15, 2025
DorKatzelnick
force-pushed
the
configSubmitter2
branch
from
2755521 to
c0cb710
Compare
tock-ibm
force-pushed
the
configSubmitter2
branch
from
c0cb710 to
f2049e7
Compare
HagarMeir
force-pushed
the
configSubmitter2
branch
from
f2049e7 to
b80b629
Compare
tock-ibm
reviewed
Oct 27, 2025
config/config.go
Outdated
| panic(fmt.Sprintf("Failed marshaling consenter public key: %v", err)) | ||
| routerInfo := nodeconfig.RouterInfo{ | ||
| PartyID: partyID, | ||
| Endpoint: routerConfig.Host + ":" + strconv.Itoa(int(routerConfig.Port)), |
There was a problem hiding this comment.
This trick will not work well with IPv6.
To construct a string from an IP address and port in Go, the net.JoinHostPort function is the recommended approach. This function correctly handles various IP address formats, including IPv6, and ensures the proper formatting of the "host:port" string.
node/consensus/consensus.go
Outdated
|
|
||
| // compare the two certificates | ||
| if !bytes.Equal(pemBlock.Bytes, cert.Raw) { | ||
| return fmt.Errorf("error: access denied. The client certificate does not match the router's certificate") |
There was a problem hiding this comment.
Here, because it is a config or security problem, log the details of the offending incoming cert, in human readable format as well as raw. This may help correct the issue.
node/router/stream.go
Outdated
| // send error to the client | ||
| s.responseToClientWithError(tr, fmt.Errorf("request verification error: %s", err)) | ||
| } else { | ||
| // TODO - if request is config, forward it to the consenter using configSubmitter |
There was a problem hiding this comment.
This is unrelated to the current PR, but an early return approach in the if is more readable and preferrable in Go. That is,
if err := s.verifier.Verify(tr.request); err != nil {
s.logger.Debugf("request is invalid: %s", err)
// send error to the client
s.responseToClientWithError(tr, fmt.Errorf("request verification error: %s", err))
continue
}
... code for no err==nil
There was a problem hiding this comment.
next PR will address this code
DorKatzelnick
force-pushed
the
configSubmitter2
branch
from
b80b629 to
6c76970
Compare
Closed
DorKatzelnick
force-pushed
the
configSubmitter2
branch
2 times, most recently
from
f202ac5 to
1b1ec73
Compare
add router info to consenter config router's certificate pinning in SubmitConfig add configSubmitter to router, without forwarding config requests Signed-off-by: Dor.Katzelnick <Dor.Katzelnick@ibm.com>
DorKatzelnick
force-pushed
the
configSubmitter2
branch
from
1b1ec73 to
5705b36
Compare
tock-ibm
approved these changes
Oct 30, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
issue: #192