1. 04 Dec, 2017 1 commit
  2. 03 Dec, 2017 4 commits
    • Srinivasan Muralidharan's avatar
    • yacovm's avatar
      [FAB-7275] Comm test intermittent failure · 6910cc78
      yacovm authored
      Sometimees the test TestClientConnections failes.
      It is probably due to the port being incremented non atomically
      while the tests are being run in parallel.
      I made the ports be different per test.
      Change-Id: Ia0120794a04343e438ec3e65cbab0346bd203ed9
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • yacovm's avatar
      [FAB-6974] Decouple peer native TLS and shim · e2583b77
      yacovm authored
      Background: A common "known problem" is a misconfiguration of the peer
      which ripples to the chaincode shim, and then prevents the shim
      to connect to the peer, when TLS is enabled.
      This is due to the fact that the TLS certificate SAN needs to match
      to the configuration, but this is impossible in some cases,
      and tricky in other cases.
      Another aspect is that the chaincode container shouldn't actually
      use organizational credentials to connect to the peer, since
      the chaincode is logically an extension of the peer and managed
      by it, and not by the organization.
      This change set:
      - Removes the code that bakes the peer's TLS CA certificate
        into the docker image.
      - Instead, it adds to the uploaded files at chaincode container startup,
        the TLS CA certificate that is self-signed by the peer at startup.
      - It also makes the chaincode service use a TLS certificate that is
        signed by that CA's private key, with the same SAN that the peer
        passes to the chaincode shim at its startup.
      - Changes the unit tests of the core/chaincode/accesscontrol to reflect
        the change, and imitate a chaincode shim that is given the TLS CA cert
        and the mock chaincode service to use a TLS certificate signed
        by the CA.
      Change-Id: Ife1e2a42b163b5e2372a127f118eccff0027780c
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • Gari Singh's avatar
      [FAB-7237] Specify TLS client key pair for peer · fb329149
      Gari Singh authored
      Prior to this change, the peer used the
      TLS server key pair when making client
      TLS connections.  In many cases, this
      will be fine, but in cases where the
      TLS server key pair is issued by
      a public CA (e.g. Verisign), this is
      an issue as now any client certificate
      issued by Versign will be valid.
      So this change simply adds an optional
      TLS client key pair to the peer config.
      Change-Id: I0195407ef0ecef58059e726a6c9eb6e473926cc8
      Signed-off-by: default avatarGari Singh <gari.r.singh@gmail.com>
  3. 02 Dec, 2017 1 commit
  4. 01 Dec, 2017 4 commits
  5. 30 Nov, 2017 2 commits
  6. 29 Nov, 2017 8 commits
  7. 28 Nov, 2017 6 commits
  8. 27 Nov, 2017 13 commits
  9. 26 Nov, 2017 1 commit
    • Barry Mosakowski's avatar
      [FAB-7066] Modifying the enccc example chaincode · 4a3f5ef0
      Barry Mosakowski authored
      The enccc_example.go was modified to clearly show the user
      the crypto function(s) being available for transactional data
      that has transient data passed for operations to include:
      - encrypt
      - decrypt
      - sign
      - verify
      The patch set removed the 'PUT' and 'GET' parameters for sample clarity.
      The README.md was also modified and the go tests modfied to
      test the modified and new functions added.
      Change-Id: I16b7894c1118cc7b9f722801ffe3a113be5dbece
      Signed-off-by: default avatarBarry Mosakowski <barry_moz@yahoo.com>