Optional peer ID verification #219
Conversation
Adds a (presently optional) peer ID to `tcp:///` validator addresses allowing the remote peer ID to be specified. Presently warns if this is unconfigured, or verifies it if it is configured. See: #111
|
This is the last thing I wanted to get into a final v0.5.0 release. I will test it on gaia-13k before shipping. |
| /// Secret Connection signing keys | ||
| // TODO(tarcieri): unify with `TendermintKey`? | ||
| #[derive(Copy, Clone, Debug, Hash, Eq, PartialEq)] | ||
| pub enum SecretConnectionKey { |
There was a problem hiding this comment.
Moved and renamed this to tendermint::secret_connection::PublicKey. This seems better with secret_connection as (presently) an optional cargo feature, however I just noticed we don't test tendermint-rs with --no-default-features
| @@ -7,7 +7,8 @@ GENESIS_FILE=${GENESIS_FILE:-${TMHOME}/config/genesis.json} | |||
| SIGNING_KEY=${SIGNING_KEY:-${OUTPUT_PATH}/signing.key} | |||
| SECRET_KEY=${SECRET_KEY:-${OUTPUT_PATH}/secret_connection.key} | |||
| OUTPUT_FILE=${OUTPUT_FILE:-${OUTPUT_PATH}/tmkms.toml} | |||
| VALIDATOR_ADDR=${VALIDATOR_ADDR:-"tcp://127.0.0.1:61278"} | |||
| VALIDATOR_ID=${VALIDATOR_ID:-"f88883b673fc69d7869cab098de3bafc2ff76eb8"} | |||
| VALIDATOR_ADDR=${VALIDATOR_ADDR:-"tcp://f88883b673fc69d7869cab098de3bafc2ff76eb8@127.0.0.1:61278"} | |||
There was a problem hiding this comment.
Will need to (re)configure these whenever #207 happens
|
@liamsi so I tested this out in production and it seems to be working, however it seems the Secret Connection key associated with gaiad's I can open an issue about this, but I'm not sure if it's a /cc @zmanian |
|
Yes, you are right: we currently always regenerate the key instead of persisting it: |
|
It's a tendermint issue: tendermint/tendermint#3105 |
Adds a (presently optional) peer ID to
tcp:///validator addresses allowing the remote peer ID to be specified.Presently warns if this is unconfigured, or verifies it if it is configured.
See: #111