
Server TLS handshake failed

How to resolve "Server TLS handshake failed"

Whenever my application tries to run gateway.connect(connectionProfile,connectionoptions); I get the following error:

error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0org1,url:grpcs://0.0.0.0:30012,connected:false,connectAttempted:true
error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0org1 url:grpcs://0.0.0.0:30012 timeout:3000
info: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0org1 due to Error: Failed to connect before the deadline on Endorser- name: peer0org1,connectAttempted:true
error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0org2,url:grpcs://0.0.0.0:30015,connectAttempted:true
error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0org2 url:grpcs://0.0.0.0:30015 timeout:3000
info: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0org2 due to Error: Failed to connect before the deadline on Endorser- name: peer0org2,connectAttempted:true

In the peer logs, I see the following error messages:

[core.comm] ServerHandshake -> ERRO 06f Server TLS handshake Failed in 2.895908ms with error tls: Failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52552
[core.comm] ServerHandshake -> ERRO 070 Server TLS handshake Failed in 4.805823ms with error tls: Failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52560
[core.comm] ServerHandshake -> ERRO 071 Server TLS handshake Failed in 2.988008ms with error tls: Failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52576
[core.comm] ServerHandshake -> ERRO 072 Server TLS handshake Failed in 2.223583ms with error tls: Failed to verify client certificate: x509: certificate signed by unknown authority server=ChaincodeServer remoteaddress=192.168.15.6:52598

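I am running my network on a local microk8s Kubernetes cluster. All peer and orderer pods have their own Service of type NodePort. I am also running my chaincode as an external service on pods, one per organization.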

All certificates were generated with Fabric-CA: 1 TLS certificate for communication and 1 RCA for each organization.

I am not running my application on a pod; I just run node app.js.

Here is my application code:

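const fs = require('fs');
const yaml = require('js-yaml');
const { Gateway, Wallets } = require('fabric-network');

async function funcName(...) {

    // File-system wallet that holds the enrolled application identities
    const wallet = await Wallets.newFileSystemWallet('path/to/wallet');

    const gateway = new Gateway();

    try {

        const userName = 'User1@org1.example.com';

        // Connection profile describing peers, orderers and CAs
        let connectionProfile = yaml.load(fs.readFileSync('./gateway/networkConnection.yaml', 'utf8'));

        let connectionoptions = {
            identity: userName,
            wallet: wallet,
            discovery: { enabled: true, asLocalhost: true }
        };

        await gateway.connect(connectionProfile, connectionoptions);
    ...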

Here is my networkConnection.yaml:

---
name: "test-network"

x-type: "hlfv1"

description: "Description"

version: "1.0"

client:
  organization: Org1

channels:
  canalhash:
    orderers:
      - orderer1
      - orderer2
      - orderer3
      - orderer4
      - orderer5

    peers:
      peer0org1:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true

organizations:
  Org1:
    mspid: Org1MSP

    peers:
      - peer0org1

    certificateAuthorities:
      - rca-org1

  Org2:
    mspid: Org2MSP

    peers:
      - peer0org2

orderers:
  orderer1:
    url: grpcs://0.0.0.0:30017

    grpcoptions:
      ssl-target-name-override: orderer1

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer2:
    url: grpcs://0.0.0.0:30018

    grpcoptions:
      ssl-target-name-override: orderer2

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer3:
    url: grpcs://0.0.0.0:30019

    grpcoptions:
      ssl-target-name-override: orderer3

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer4:
    url: grpcs://0.0.0.0:30020

    grpcoptions:
      ssl-target-name-override: orderer4

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

  orderer5:
    url: grpcs://0.0.0.0:30021

    grpcoptions:
      ssl-target-name-override: orderer5

    tlsCACerts:
      path: /home/network/crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tls-ca-cert.pem

peers:
  peer0org1:
    url: grpcs://0.0.0.0:30012

    grpcoptions:
      ssl-target-name-override: peer0org1
      request-timeout: 120001

    tlsCACerts:
      path: /home/network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls-ca/tls-ca-cert.pem

  peer0org2:
    url: grpcs://0.0.0.0:30015
    grpcoptions:
      ssl-target-name-override: peer0org2
      request-timeout: 120001

    tlsCACerts:
      path: /home/network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls-ca/tls-ca-cert.pem

certificateAuthorities:
  rca-org1:
    url: https://0.0.0.0:30009
    httpOptions:
      verify: false
    tlsCACerts: 
      path: /home/storage/rca-org1/crypto/ca-cert.pem

    registrar:
      - enrollId: admin
        enrollSecret: adminpw
    caName: rca-org1

  rca-org2:
    url: https://0.0.0.0:30010
    httpOptions:
      verify: false
    tlsCACerts:
      path: /home/storage/rca-org1/crypto/ca-cert.pem
    registrar:
      - enrollId: admin
        enrollSecret: adminpw
    caName: rca-org2

  tls-ca:
    url: https://0.0.0.0:30007
    httpOptions:
      verify: false
    tlsCACerts:
      path: /home/storage/tls-ca/crypto/ca-cert.pem
    registrar:
      - enrollId: tls-ca-admin
        enrollSecret: tls-ca-adminpw
    caName: tls-ca

Does anyone know what is causing these errors? If more information about my network is needed, please ask and I will edit my question with it.
