[FABN-1234] node sdk client cannot communicate with a fabric ca server that has clientauth enabled - Hyperledger JIRA

Details

Type: Bug
Status: Unverified (View Workflow)
Priority: Medium
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Labels:
None

Steps to Reproduce:

Hide
Connect to a fabric-ca-server that has clientauth enabled from a node app.

Observed:
Error: Calling enrollment endpoint failed with error [Error: write EPROTO 139713218058048:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/s3_pkt.c:1498:SSL alert number 42

139713218058048:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:659:

]

    at ClientRequest.request.on (/app/node_modules/fabric-ca-client/lib/FabricCAClient.js:487:12)

    at emitOne (events.js:116:13)

    at ClientRequest.emit (events.js:211:7)

    at TLSSocket.socketErrorListener (_http_client.js:401:9)

    at emitOne (events.js:116:13)

    at TLSSocket.emit (events.js:211:7)

    at onwriteError (_stream_writable.js:417:12)

    at onwrite (_stream_writable.js:439:5)

    at _destroy (internal/streams/destroy.js:39:7)

    at TLSSocket.Socket._destroy (net.js:568:3)

Expected:
No error

Show
Connect to a fabric-ca-server that has clientauth enabled from a node app. Observed: Error: Calling enrollment endpoint failed with error [Error: write EPROTO 139713218058048:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/s3_pkt.c:1498:SSL alert number 42 139713218058048:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:659: ]     at ClientRequest.request.on (/app/node_modules/fabric-ca-client/lib/FabricCAClient.js:487:12)     at emitOne (events.js:116:13)     at ClientRequest.emit (events.js:211:7)     at TLSSocket.socketErrorListener (_http_client.js:401:9)     at emitOne (events.js:116:13)     at TLSSocket.emit (events.js:211:7)     at onwriteError (_stream_writable.js:417:12)     at onwrite (_stream_writable.js:439:5)     at _destroy (internal/streams/destroy.js:39:7)     at TLSSocket.Socket._destroy (net.js:568:3) Expected: No error

Description

This is related to my [email|https://lists.hyperledger.org/g/fabric/topic/how_to_configure_node_app_to/31570609?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,31570609] and FABN-808. It looks like a node app will never be able to communicate with a fabric ca server that has clientauth enabled. The support for this does not exist in the Node SDK. I looked at the Node SDK code and see following lines (Lines 291-302 in FabricCAClient.js):

const requestOptions = { hostname: self._hostname, port: self._port, path: self._baseAPI + api_method, method: http_method, headers: { Authorization: self.generateAuthToken(requestObj, signingIdentity) }, ca: self._tlsOptions.trustedRoots, rejectUnauthorized: self._tlsOptions.verify, timeout: CONNECTION_TIMEOUT };

showing that the client cert and key is never added to Http options. This should be fixed.

Attachments

Activity

Toggl

Mark as billable

Apply JIRA issue labels

Toggl project

{{ currentTimer.description|limitTo:35 }}...

{{hours}} hour{{hoursS}}, {{minutes}} minute{{minutesS}}, {{seconds}} second{{secondsS}}

People

Assignee:

Bret Harrison

Reporter:

siddharth jain

Votes:

1 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

10/May/19 4:54 PM

Updated:

22/May/19 9:09 PM

node sdk client cannot communicate with a fabric ca server that has clientauth enabled