[FAB-7491] client TLS cert support for gossip
This change set adds client TLS certificate support for gossip. The handshake method now selects the certificate to hash and attach its binding to the handshake message according to whether the peer initiated the connection or not.

The change set adds the support in the form of a struct that wraps the TLS certificates with atomic references. This is in order to prepare for the future where we might have dynamic TLS certificate updates.

Unit tests haven't been added, because I changed the test code to always have a different client and server certificate, and in case only the server certificate is present then the code that is executed in the production path is code that is already tested, because it is computed by code in core/peer/start.go.

Change-Id: I1edddb2321c629f88080510befe1db26fa0b6925
Signed-off-by: yacovm <yacovm@il.ibm.com>
Showing 12 changed files with 97 additions and 87 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package common | ||
|
||
import ( | ||
"sync/atomic" | ||
) | ||
|
||
// TLSCertificates aggregates server and client TLS certificates | ||
type TLSCertificates struct { | ||
TLSServerCert atomic.Value // *tls.Certificate server certificate of the peer | ||
TLSClientCert atomic.Value // *tls.Certificate client certificate of the peer | ||
} |
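Review bot: The two exported `atomic.Value` fields in `TLSCertificates` carry their element type only in a comment (`// *tls.Certificate server certificate of the peer`), so nothing in this file stops a caller from storing a `tls.Certificate` value in one place and a `*tls.Certificate` in another. `atomic.Value.Store` panics when the stored type differs from the first one, and `Load` returns nil until the first `Store`, so every reader needs a nil check and a type assertion before hashing the certificate for the handshake binding. Consider unexporting the fields and adding typed accessors on the struct that take and return `*tls.Certificate`, so the assertion and the nil case live in one place. It is also worth a doc comment that the struct must be shared by pointer, since an `atomic.Value` must not be copied after first use.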