Re: Certificate error during chaincode invoke


jeroiraz
 

Hello,

Having the same issue with balance-transfer but when joining a peer to a channel. I'm not yet able to identify the cause.

Jian, were you able to identify the root cause?

Best regards,
Jerónimo

On Tue, Nov 14, 2017 at 4:04 AM, Jian Wu Dai <daijianw@...> wrote:
We run  balance-transfer node sdk sample against a network with topology of 3 orderers+ 2 Orgs(each org has two peers). We found an error which happened intermittently during chaincode invoke. Sometimes the testAPI.sh can run successfully till the end, sometimes it failed during chaincode invoke.  
 
The Error is as following in the output of runApp.sh. 
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Failed to deserialize creator identity, err The supplied identity is not valid, Verify() returned x509: certificate has expired or is not yet valid
    at /opt/baas/nodesdk/node_modules/grpc/src/node/src/client.js:434:17
[2017-11-14 06:34:23.044] [ERROR] invoke-chaincode - transaction proposal was bad
[2017-11-14 06:34:23.044] [ERROR] invoke-chaincode - Failed to send Proposal or receive valid response. Response null or status is not 200. exiting...
[2017-11-14 06:34:23.044] [ERROR] invoke-chaincode - Failed to order the transaction. Error code: undefined
 
The flow of testAPI.sh is as following, it run without error until it arrived chaincode invocation.
create a channel->join the channel->install the chaincode->instantiate the chaincode->invoke the chaincode...
 
The error seems to tell the certificate of "Jim" who signed the invoke transaction is not yet valid while the peer verify its identify.  But after checking the certificate of Jim's ecert using openssl, and the log of peer, it shows the certificate is already valid when the checkSignatureFromCreator method starts on the peer.
 
Validity
            Not Before: Nov 14 06:25:00 2017 GMT
            Not After : Nov 14 06:25:00 2018 GMT
 
Here is the peer log around the time the error happened:
 
2017-11-14 06:34:23.041 UTC [protoutils] ValidateProposalMessage -> DEBU 5f2 ValidateProposalMessage starts for signed proposal 0xc4217f1080
2017-11-14 06:34:23.041 UTC [protoutils] validateChannelHeader -> DEBU 5f3 validateChannelHeader info: header type 3
2017-11-14 06:34:23.041 UTC [protoutils] checkSignatureFromCreator -> DEBU 5f4 checkSignatureFromCreator starts
2017-11-14 06:34:23.041 UTC [endorser] ProcessProposal -> DEBU 5f5 Exit
 
Really appreciate if you can shed some light on how to analyze this problem. For example, how to output more verbose log during checkSignatureFromCreator method, so that we can know details of the problem certificate. 
 
Thanks.

Best Regards,
Jian Wu Dai


_______________________________________________
Hyperledger-fabric mailing list
Hyperledger-fabric@lists.hyperledger.org
https://lists.hyperledger.org/mailman/listinfo/hyperledger-fabric


Join fabric@lists.hyperledger.org to automatically receive all group messages.