Re: TLS handshake error on "exotic" ports whereas network works perfectly fine #fabric #tls


Jean-Gaël Dominé <jgdomine@...>
 

Hi,

Should I also define the CORE_PEER_GOSSIP_BOOTSTRAP variable?

Besides the TLS handshake error, I also have this kind of log:
On peer0-org1:
2020-03-02 14:21:03.882 UTC [comm.grpc.server] 1 -> INFO 061 streaming call completed grpc.service=gossip.Gossip grpc.method=GossipStream grpc.request_deadline=2020-03-02T14:21:13.879Z grpc.peer_address=10.50.132.94:47148 grpc.peer_subject="CN=org1-peer1,OU=client+OU=org1,O=Hyperledger,ST=North Carolina,C=US" error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=2.742114ms

On peer1-org1:
2020-03-02 14:21:04.762 UTC [core.comm] ServerHandshake -> ERRO 04c TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.132.97:41680
2020-03-02 14:21:04.763 UTC [gossip.comm] func1 -> WARN 04d peer0-org1-miles-com:7051, PKIid:9171cf30e1574566fd441ea38b8453c78bb8a10e6c6e4ba742570a6675b16586 isn't responsive: EOF
2020-03-02 14:21:04.763 UTC [gossip.discovery] expireDeadMembers -> WARN 04e Entering [9171cf30e1574566fd441ea38b8453c78bb8a10e6c6e4ba742570a6675b16586]
2020-03-02 14:21:04.764 UTC [gossip.discovery] expireDeadMembers -> WARN 04f Closing connection to Endpoint: peer0-org1-miles-com:7051, InternalEndpoint: , PKI-ID: 9171cf30e1574566fd441ea38b8453c78bb8a10e6c6e4ba742570a6675b16586, Metadata:
2020-03-02 14:21:04.764 UTC [gossip.discovery] expireDeadMembers -> WARN 050 Exiting
2020-03-02 14:21:05.763 UTC [core.comm] ServerHandshake -> ERRO 051 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.132.97:41700
2020-03-02 14:21:07.639 UTC [core.comm] ServerHandshake -> ERRO 052 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.132.97:41740

I've checked my configuration again and I do not see the issue. My peers share the same chain of trust for their TLS certificates and I can see it in the genesis block.
How can I check if the gossip mechanism is actually working?

Thank you
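
One way to triage peer logs shaped like the peer1-org1 excerpt above, as an added example that is not part of the original post or of Fabric itself: it counts failed inbound TLS handshakes per remote address and records which gossip endpoints were reported unresponsive, so the failing connections can be tied to a specific source host. The sample lines, addresses, host name and PKI-ID are constructed.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the peer log excerpt above.
SAMPLE = """\
2020-01-01 10:00:00.100 UTC [core.comm] ServerHandshake -> ERRO 010 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=192.0.2.10:40000
2020-01-01 10:00:00.200 UTC [gossip.comm] func1 -> WARN 011 peer0.example.test:7051, PKIid:aa11bb22 isn't responsive: EOF
2020-01-01 10:00:01.100 UTC [core.comm] ServerHandshake -> ERRO 012 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=192.0.2.10:40002
2020-01-01 10:00:02.100 UTC [core.comm] ServerHandshake -> ERRO 013 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=192.0.2.11:40100
2020-01-01 10:00:03.000 UTC [gossip.discovery] expireDeadMembers -> WARN 014 Exiting
"""

# timestamp, [logger], function, level, sequence number, message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) UTC "
    r"\[(?P<logger>[^\]]+)\] (?P<func>\S+) -> (?P<level>[A-Z]+) "
    r"(?P<seq>[0-9a-f]+) (?P<msg>.*)$"
)
REMOTE = re.compile(r"remoteaddress=(?P<ip>[\d.]+):\d+")
UNRESPONSIVE = re.compile(
    r"^(?P<endpoint>\S+), PKIid:(?P<pkiid>[0-9a-f]+) isn't responsive"
)


def triage(text):
    """Return (handshake failures per remote IP, unresponsive gossip endpoints)."""
    failures = Counter()  # remote IP -> failed inbound TLS handshakes
    unresponsive = {}     # endpoint -> timestamp of the first report
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or non-peer output
        msg = m["msg"]
        if m["logger"] == "core.comm" and "TLS handshake failed" in msg:
            r = REMOTE.search(msg)
            if r:
                failures[r["ip"]] += 1
        elif m["logger"] == "gossip.comm":
            u = UNRESPONSIVE.match(msg)
            if u:
                unresponsive.setdefault(u["endpoint"], m["ts"])
    return failures, unresponsive


if __name__ == "__main__":
    fails, dead = triage(SAMPLE)
    for ip, n in fails.most_common():
        print(f"{ip}: {n} failed handshake(s)")
    for endpoint, ts in dead.items():
        print(f"{endpoint} first reported unresponsive at {ts}")
```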
