  1. Fabric SDK Node
  2. FABN-1234

node sdk client cannot communicate with a fabric ca server that has clientauth enabled

    Details

    • Type: Bug
    • Status: Unverified
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Steps to Reproduce:
      Connect to a fabric-ca-server that has clientauth enabled from a node app.

      Observed:
      Error: Calling enrollment endpoint failed with error [Error: write EPROTO 139713218058048:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/s3_pkt.c:1498:SSL alert number 42
      139713218058048:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:659:
      ]
          at ClientRequest.request.on (/app/node_modules/fabric-ca-client/lib/FabricCAClient.js:487:12)
          at emitOne (events.js:116:13)
          at ClientRequest.emit (events.js:211:7)
          at TLSSocket.socketErrorListener (_http_client.js:401:9)
          at emitOne (events.js:116:13)
          at TLSSocket.emit (events.js:211:7)
          at onwriteError (_stream_writable.js:417:12)
          at onwrite (_stream_writable.js:439:5)
          at _destroy (internal/streams/destroy.js:39:7)
          at TLSSocket.Socket._destroy (net.js:568:3)

      Expected:
      No error

      Description

      This is related to my email (https://lists.hyperledger.org/g/fabric/topic/how_to_configure_node_app_to/31570609?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,31570609) and FABN-808. It looks like a node app will never be able to communicate with a fabric ca server that has clientauth enabled. The support for this does not exist in the Node SDK. I looked at the Node SDK code and see the following lines (Lines 291-302 in FabricCAClient.js):

      const requestOptions = {
          hostname: self._hostname,
          port: self._port,
          path: self._baseAPI + api_method,
          method: http_method,
          headers: {
              Authorization: self.generateAuthToken(requestObj, signingIdentity)
          },
          ca: self._tlsOptions.trustedRoots,
          rejectUnauthorized: self._tlsOptions.verify,
          timeout: CONNECTION_TIMEOUT
      };

      showing that the client cert and key are never added to the HTTP options. This should be fixed.
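
The missing piece described above, as an added example that is not part of the original report or the Node SDK's own code: it attaches a client key and certificate to the request options through the standard `key` and `cert` options of Node's https.request(), and reads the TLS alert number out of the observed error. The tlsOptions field names clientKey and clientCert, the host, the port and the PEM placeholders are assumptions made for illustration.

```javascript
// Added example; `clientKey` / `clientCert` are hypothetical field names.
// `key`, `cert`, `ca` and `rejectUnauthorized` are real https.request() options.
// TLS alert descriptions (RFC 5246, section 7.2) tied to certificate problems.
const TLS_ALERTS = {
  40: 'handshake_failure',
  42: 'bad_certificate',
  43: 'unsupported_certificate',
  44: 'certificate_revoked',
  45: 'certificate_expired',
  46: 'certificate_unknown',
  48: 'unknown_ca',
};

// Pull the alert number out of an OpenSSL-style error string as Node reports it.
function parseTlsAlert(message) {
  const m = /SSL alert number (\d+)/.exec(String(message));
  if (!m) return null;
  const number = Number(m[1]);
  return { number, name: TLS_ALERTS[number] || 'unknown' };
}

// Return a copy of the request options with the client identity attached.
// Half a key pair is treated as a configuration error rather than silently
// falling back to a handshake that presents no client certificate.
function withClientAuth(requestOptions, tlsOptions = {}) {
  const { clientKey, clientCert } = tlsOptions;
  if (!clientKey && !clientCert) return { ...requestOptions };
  if (!clientKey || !clientCert) {
    throw new Error('clientKey and clientCert must be supplied together');
  }
  return { ...requestOptions, key: clientKey, cert: clientCert };
}

// Constructed sample: the error text from the report, a made-up host and PEM placeholders.
const sampleError = 'write EPROTO 139713218058048:error:14094412:SSL routines:' +
  'ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/s3_pkt.c:1498:' +
  'SSL alert number 42';
const base = { hostname: 'ca.example.com', port: 7054, method: 'POST', rejectUnauthorized: true };
const opts = withClientAuth(base, {
  clientKey: '<PEM private key placeholder>',
  clientCert: '<PEM certificate placeholder>',
});
console.log(parseTlsAlert(sampleError), Object.keys(opts));
```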

            People

            • Assignee: harrisob@us.ibm.com Bret Harrison
            • Reporter: siddjain siddharth jain
            • Votes: 3
            • Watchers: 5
