Allow statically configured root CAs for TLS
When peers communicate with other peers or
orderers, the list of trusted CAs for TLS
communication is derived from the channel
configs. For the peer, the list is the
aggregate of all roots across all channels.
For the orderer, the list is per channel.
This CR adds the option to specify a static
list of CAs via peer.tls.serverRootCAs.files
in core.yaml and a flag
peer.deliveryclient.staticRootsEnabled for the
deliveryclient to use.
Note: the properties are intentionally not
being added to the sample config because they
should not be used in most situations.
Fixes FAB-14420
Change-Id: Ic381dc99bbb6dc5f7ceafd93738b34c5e24fe60c
Signed-off-by:
Gari Singh <gari.r.singh@gmail.com>
Please register or sign in to comment