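ssl - Hyperledger Fabric SDK does not initiate TLS handshake

Tags: ssl hyperledger-fabric hyperledger

I am trying to get a small golang application to connect to a Hyperledger Fabric network. The network is based on one of the official Hyperledger Fabric samples, called "first-network". It is started by their "byfn.sh" script and runs a working end-2-end test. That test executes commands directly using the "cli" container, which contains all the valid crypto material.

However, I am trying to use fabric-sdk-go to query or create a Tx. I created a connection profile based on the official documentation and examples I found online.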

sdk, err := fabsdk.New(config.FromFile("../integrity-network/connection-profile.yaml"))
...
clientChannelContext := sdk.ChannelContext("integrity-channel", fabsdk.WithUser("Admin@org1.example.com"), fabsdk.WithOrg("Org1"))

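Reading the config file and creating the SDK instance works, but creating the channel context fails and org1peer0 tells me: first record does not look like a TLS handshake

I am a bit confused about the crypto material that has to be provided in the connection profile, but according to the online examples I think it should be correct: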

x-type: "hlfv1"
description: "Connection profile for our integrity network."
version: "1.0"
client:
  organization: org1
  logging:
    level: debug
  cryptoconfig:
    path: ../integrity-network/crypto-config/
  credentialStore:
    path: "/tmp/state-store"
    cryptoStore:
      path: /tmp/msp
  tlsCerts:
    systemCertPool: false
    client:
      key:
        path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.key
      cert:
        path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.crt
channels:
    integrity-channel:
      orderers:
        - orderer.example.com
      peers:
        peer0.org1.example.com:
          endorsingPeer: true
          chaincodeQuery: true
          ledgerQuery: true
          eventSource: true
        peer1.org1.example.com:
          endorsingPeer: true
          chaincodeQuery: true
          ledgerQuery: true
          eventSource: true

organizations:
  OrdererOrg:
    mspid: OrdererOrg
    cryptoPath: crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp
    adminPrivateKey:
      path: ../integrity-network/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp/keystore/f6dc3f715ffd9547e5ff5e3e08d5ac17f1e2b09968d2daba9e7a9a4e374a2fb1_sk
    signedCert:
      path: ../integrity-network/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp/signcerts/Admin@example.com-cert.pem
  Org1:
    mspid: Org1MSP
    cryptoPath: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
    peers:
      - peer0.org1.example.com
      - peer1.org1.example.com
    adminPrivateKey:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/25117a9fcadf7b40ed7dcd29b7a478ca86728e564a8388aa889a5de71dec5df8_sk
    signedCert:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem
    users:
      Admin@org1.example.com:
        key:
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/25117a9fcadf7b40ed7dcd29b7a478ca86728e564a8388aa889a5de71dec5df8_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem
      User1@org1.example.com:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/keystore/e318dc3e94283337e3089673c8aca07ce0d6cc8ffdb03984ab2de11ec7ac11dd_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/User1@org1.example.com-cert.pem
  Org2:
    mspid: Org2MSP
    cryptoPath: crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
    peers:
      - peer0.org2.example.com
      - peer1.org2.example.com
    adminPrivateKey:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/078fca0bf56b77656f745e62100a1fd7d55f5d2c2925b6180daac49b67e64f0d_sk
    signedCert:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem
    users:
      Admin@org2.example.com:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/078fca0bf56b77656f745e62100a1fd7d55f5d2c2925b6180daac49b67e64f0d_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem
      User1@org2.example.com:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/keystore/3fee22d1537bc40b5e3d036919e3651976a92e42df5725983400a4012f5bc138_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/signcerts/User1@org2.example.com-cert.pem

orderers:
  orderer.example.com:
    url: grpc://localhost:7050
    grpcOptions:
      ssl-target-name-override: orderer.example.com

peers:
  peer0.org1.example.com:
    url: grpc://localhost:7051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
  peer1.org1.example.com:
    url: grpc://localhost:8051
    grpcOptions:
      ssl-target-name-override: peer1.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
  peer0.org2.example.com:
    url: grpc://localhost:9051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
  peer1.org2.net.ink.tum.de:
    url: grpc://localhost:10051
    grpcOptions:
      ssl-target-name-override: peer1.org2.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem

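Note: For some reason I need the users section, otherwise I get "user not found". Most of the examples I found online do not include that section.

Best answer

You need to use grpcs in the peer URL: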

peers:
  peer0.org1.example.com:
    url: grpcs://localhost:7051
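
The peer is a Go process, and the message it logs is the one Go's crypto/tls returns when the first bytes on a TLS port are not a TLS record. The following added example (not code from the original post or from the Fabric SDK) reproduces that over an in-memory pipe: one client sends the HTTP/2 preface in the clear, as a grpc:// endpoint does, and the other opens with a TLS ClientHello, as grpcs:// does. The function names and the certificate-less server config are assumptions of the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"
	"time"
)

// http2Preface is the HTTP/2 client connection preface, the first bytes a
// gRPC client writes when the endpoint scheme is plaintext grpc://.
const http2Preface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

// serverHandshakeError runs the server side of a TLS handshake over an
// in-memory pipe while dial plays the client, and returns the server's error.
// Assumption of this example: no certificate is configured, because the
// failure of interest occurs while the server parses the first record,
// before any certificate would be selected.
func serverHandshakeError(dial func(net.Conn)) error {
	clientSide, serverSide := net.Pipe()
	defer clientSide.Close()
	defer serverSide.Close()
	serverSide.SetDeadline(time.Now().Add(2 * time.Second))
	go dial(clientSide)
	return tls.Server(serverSide, &tls.Config{}).Handshake()
}

// plaintextClient behaves like a grpc:// endpoint: HTTP/2 with no TLS.
func plaintextClient(c net.Conn) { c.Write([]byte(http2Preface)) }

// tlsClient behaves like a grpcs:// endpoint: it opens with a ClientHello.
func tlsClient(c net.Conn) {
	tls.Client(c, &tls.Config{ServerName: "peer0.org1.example.com"}).Handshake()
}

// isPlaintextToTLS reports whether err carries the message the peer logged.
func isPlaintextToTLS(err error) bool {
	return err != nil &&
		strings.Contains(err.Error(), "first record does not look like a TLS handshake")
}

func main() {
	plain := serverHandshakeError(plaintextClient)
	fmt.Printf("grpc://  plaintext-to-TLS=%v  server error: %v\n", isPlaintextToTLS(plain), plain)
	secure := serverHandshakeError(tlsClient)
	fmt.Printf("grpcs:// plaintext-to-TLS=%v  server error: %v\n", isPlaintextToTLS(secure), secure)
}
```

With the TLS client the server still fails, but only later and with a different error, because this example deliberately configures no certificate.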

Regarding "ssl - Hyperledger Fabric SDK does not initiate TLS handshake", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55495883/
