Uploaded image for project: 'Fabric SDK Go'
  1. Fabric SDK Go
  2. FABG-99

Add self-signed TLS cert generation for go-sdk

    XMLWordPrintable

Details

    • Story
    • Status: To Do
    • Medium
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      Description from FAB-6923:

      In some cases, clients will be deployed without TLS certificates and will connect to the peer when the peer uses TLS.

      In this kind of scenario, the peer would send a certificate request to the client, and it will not send anything back - and then the discovery service would reject the peer's connection.

      In order to ensure the clients will be able to use the discovery service in spite of lack of TLS certificate, we can just have them auto-generate one and self-sign it.
      Then, the peer would obtain the certificate (but not verify it!) and a mutual TLS handshake will take place, which would allow the client to authenticate to the peer.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              troyronda Troy Ronda
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: