Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-18269

validateConsenterTlsCerts does not verify server cert

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Medium
    • Resolution: Done
    • v2.3.0, v2.2.2
    • v2.3.0, v2.2.2
    • None
    • None
    • (Please add steps to reproduce)

    Description

      This looks like an accidental bug when refactoring the code. 

      var verify = func(certType string, cert *x509.Certificate, opts x509.VerifyOptions) error {
      		if _, err := clientCert.Verify(opts); err != nil {
      			if validationRes, ok := err.(x509.CertificateInvalidError); !ok || (!ignoreExpiration || validationRes.Reason != x509.Expired) {
      				return errors.Errorf("verifying tls %s cert with serial number %d: %v", certType, clientCert.SerialNumber, err)
      			}
      		}
      		return nil
      	} 

      It calls Verify() on the clientCert instead of the passed in cert.

      Attachments

        Issue Links

          Activity

            People

              wlahti Will Lahti
              wlahti Will Lahti
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: