  1. Fabric
  2. FAB-18298

Add cluster client cert default

Details

    • Story
    • Status: Closed
    • Medium
    • Resolution: Done
    • None
    • v2.3.0, v2.2.2
    • fabric-orderer
    • No
    • No
    • Unset

    Description

      When the cluster listener re-uses the existing TLS listener, the orderer still requires that a client certificate and key be specified in the orderer.yaml. However, usually, the existing general server TLS certificate and key may be reused here.

      This story is to default the cluster client cert and key to be the same as the server cert and key, if no value is set, and if the cluster listener is reused.

      If the cluster listener is not reused, or there is a value present, the new default should not be applied.

      Reference: this raft IT shows the config values currently used to reuse the existing TLS listener (excluding the TLSHandshakeTimeshift, that's unrelated). Note that it only sets the ServerCertificate and ServerKey to "" but doesn't do the same for the ClientCertificate and ClientKey. As part of this fix, we should update that test to set those to "" as well.
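
The defaulting rule described above, as an added Go example (not code from the issue or from Fabric). The `TLS` and `Cluster` types and both function names are hypothetical, and "listener is reused" is assumed to mean that no separate cluster listen address, port, server certificate or server key is configured.

```go
package main

import "fmt"

// TLS and Cluster are simplified stand-ins (assumed for this example) for the
// orderer.yaml General.TLS and General.Cluster sections; not Fabric's own types.
type TLS struct{ Certificate, PrivateKey string }

type Cluster struct {
	ListenAddress                       string
	ListenPort                          uint16
	ServerCertificate, ServerPrivateKey string
	ClientCertificate, ClientPrivateKey string
}

// reusesGeneralListener reports whether no dedicated cluster listener is
// configured, i.e. cluster traffic shares the general TLS listener.
func reusesGeneralListener(c Cluster) bool {
	return c.ListenAddress == "" && c.ListenPort == 0 &&
		c.ServerCertificate == "" && c.ServerPrivateKey == ""
}

// applyClientDefaults copies the general server cert and key into the cluster
// client settings only when the listener is reused and neither client value is
// set. A half-set pair counts as "a value present" (assumption) and is left
// untouched so the misconfiguration surfaces instead of being masked.
func applyClientDefaults(c Cluster, general TLS) (Cluster, bool) {
	if !reusesGeneralListener(c) {
		return c, false
	}
	if c.ClientCertificate != "" || c.ClientPrivateKey != "" {
		return c, false
	}
	c.ClientCertificate, c.ClientPrivateKey = general.Certificate, general.PrivateKey
	return c, true
}

func main() {
	// Constructed sample paths, not taken from the issue.
	general := TLS{Certificate: "tls/server.crt", PrivateKey: "tls/server.key"}
	cases := map[string]Cluster{
		"reused, unset":    {},
		"reused, explicit": {ClientCertificate: "tls/client.crt", ClientPrivateKey: "tls/client.key"},
		"separate":         {ListenAddress: "127.0.0.1", ListenPort: 7051, ServerCertificate: "c.crt", ServerPrivateKey: "c.key"},
	}
	for name, c := range cases {
		out, applied := applyClientDefaults(c, general)
		fmt.Printf("%-17s defaulted=%-5v cert=%q key=%q\n", name, applied, out.ClientCertificate, out.ClientPrivateKey)
	}
}
```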

          People

            tsharris Tiffany Harris
            jyellick Jason Yellick