Failed to run Node.js SDK on v2.2.2 network upgraded from v1.2.0 #fabric-sdk-node #openssl #tls
Yoojin Chang
I think I don't need to change any msp or tls files unless they are expired when upgrading the network.
How can I use the TLS CA certificate I was using on the v1.2.0 network after upgrading to v2.2.2?

Here's what I've tested and run:

1) I created a v1.2.0 network and upgraded it to v2.2.2. I successfully redeployed chaincodes and ran (invoke/query) chaincodes by CLI. But I failed to run chaincodes by Node.js SDK. The log is as follows.

2021-07-15T04:38:15.011Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0.org1.example.com, url:grpcs://127.0.0.1:7051, connected:false, connectAttempted:true
2021-07-15T04:38:15.012Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0.org1.example.com url:grpcs://127.0.0.1:7051 timeout:3000
2021-07-15T04:38:15.013Z - error: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0.org1.example.com due to Error: Failed to connect before the deadline on Endorser- name: peer0.org1.example.com, url:grpcs://127.0.0.1:7051, connected:false, connectAttempted:true

2) So I created another v1.4.1 network and then upgraded it to v2.2.2. In this case, I successfully ran chaincodes by CLI and also Node.js SDK.

3) I thought this was a problem with TLS communication. So I set TLS=false on the network which was upgraded from v1.2.0 and then retried to invoke/query chaincodes by Node.js SDK. It worked.

4) I changed packages of SDK from fabric-network@2.1.0 to fabric-client@1.4.11 and retried, and then I got more detailed logs.

E0714 12:51:34.945769000 4362497472 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
D0714 12:51:34.945789000 4362497472 security_handshaker.cc:176] Security handshake failed: {"created":"@1626234694.945777000","description":"Handshake failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":291,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0714 12:51:34.945795000 4362497472 tcp_custom.cc:287] TCP 0x13b0e9480 shutdown why={"created":"@1626234694.945777000","description":"Handshake failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":291,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0714 12:51:34.945857000 4362497472 subchannel.cc:1034] Connect failed: {"created":"@1626234694.945777000","description":"Handshake failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":291,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}

5) I compared the TLS CA certificate of v1.2.0 with the TLS CA certificate of v1.4.1. As a result, the "Extended Key Usage" was different as follows.

v1.2.0 : Any Extended Key Usage
v1.4.1 : TLS Web Client Authentication, TLS Web Server Authentication

6) I searched for this issue and found that the version of openssl included in Node.js is related to the "Extended Key Usage" of the certificate.
https://github.com/grpc/grpc-node/issues/801

=> So I need exact Extended Key Usage in TLS CA certificate when using SDK with Node.js 10.
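
A small check for the difference found in step 5, added here as an example (not part of the original post and not Fabric or SDK code): it reads the text printed by `openssl x509 -noout -text` for a CA certificate and flags one whose Extended Key Usage is present but does not list TLS Web Server Authentication. The function names, the verdict strings and the sample certificate text are constructed for illustration, and the rule is an assumption based on the comparison in the post.

```javascript
// Added example: audit the Extended Key Usage (EKU) of a TLS CA certificate
// from the text printed by `openssl x509 -noout -text -in ca.crt`.

// Return the value line that follows an extension header, or null if absent.
function extensionValue(text, name) {
  const lines = text.split(/\r?\n/);
  const i = lines.findIndex((l) => l.trim().startsWith(name + ':'));
  return i >= 0 && i + 1 < lines.length ? lines[i + 1].trim() : null;
}

// Classify a certificate. Assumed rule (from the comparison in the post):
// a CA whose EKU is present but lacks server authentication needs review.
function auditTlsCa(text) {
  const subject = (text.match(/^\s*Subject:\s*(.+)$/m) || [])[1] || '(unknown)';
  const isCA = /CA:TRUE/.test(extensionValue(text, 'X509v3 Basic Constraints') || '');
  const ekuLine = extensionValue(text, 'X509v3 Extended Key Usage');
  const eku = ekuLine ? ekuLine.split(',').map((s) => s.trim()) : [];
  let verdict;
  if (!isCA) verdict = 'not-a-ca';
  else if (eku.length === 0) verdict = 'ok-no-eku'; // no EKU extension: usage unrestricted
  else if (eku.includes('TLS Web Server Authentication')) verdict = 'ok-server-auth';
  else verdict = 'review-eku'; // e.g. only "Any Extended Key Usage"
  return { subject, isCA, eku, verdict };
}

// Constructed sample input shaped like openssl's text output (not a real certificate).
function sampleCert(ekuLine) {
  const ext = [
    '            X509v3 Key Usage: critical',
    '                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign',
  ];
  if (ekuLine) ext.push('            X509v3 Extended Key Usage: ', '                ' + ekuLine);
  ext.push('            X509v3 Basic Constraints: critical', '                CA:TRUE');
  return ['Certificate:', '    Data:', '        Subject: CN = tlsca.org1.example.com',
    '        X509v3 extensions:', ...ext].join('\n');
}

// The two EKU values reported in step 5 of the post.
const fromV120 = sampleCert('Any Extended Key Usage');
const fromV141 = sampleCert('TLS Web Client Authentication, TLS Web Server Authentication');
for (const text of [fromV120, fromV141]) {
  const r = auditTlsCa(text);
  console.log(`${r.subject}: [${r.eku.join('; ')}] -> ${r.verdict}`);
}
```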