Skip to content
  • Gari Singh's avatar
    Allow statically configured root CAs for TLS · 86f1c990
    Gari Singh authored
    
    
    When peers communicate with other peers or
    orderers, the list of trusted CAs for TLS
    communication is derived from the channel
    configs.  For the peer, the list is the
    aggregate of all roots across all channels.
    For the orderer, the list is per channel.
    
    This CR adds the option to specify a static
    list of CAs via peer.tls.serverRootCAs.files
    in core.yaml and a flag
    peer.deliveryclient.staticRootsEnabled for the
    deliveryclient to use.
    
    Note:  the properties are intentionally not
    being added to the sample config because they
    should not be used in most situations.
    
    Fixes FAB-14420
    
    Change-Id: Ic381dc99bbb6dc5f7ceafd93738b34c5e24fe60c
    Signed-off-by: default avatarGari Singh <gari.r.singh@gmail.com>
    86f1c990