Re: Need help in configuring TLS for chaincode server


Matthew Sykes
 

Unfortunately, the traceback doesn't really shed any light on the situation as almost all errors invoking chaincode will show the same stack.

Did you set 'tls_required' and 'client_auth_required' to true in the 'connection.json' provided to the peer?

On Thu, Sep 24, 2020 at 7:05 AM sathya.kplm@... <sathya.kplm@...> wrote:
Hi Folks,
I am having some trouble when the peer communicates with the chaincode server with TLS enabled. I am providing a summary of what I did.

  • Created two CAs: chaincodeserverCA, peerClientCA
  • Created a private key called 'server.key' and created a certificate 'server.cert' signed by chaincodeserverCA
  • Created a private key called 'peer.key' and created a certificate 'peer.cert' signed by peerClientCA
  • Started the chaincode server with the following TLS settings
    • Key: contents of server.key
    • Cert: contents of server.cert
    • ClientCACerts: peerClientCA's root certificate
  • Installed a package with release build creating a connection.json such that
    • client_key: peer.key
    • client_cert: peer.cert
    • root_cert: chaincodeserverCA's root certificate
When invoking the chaincode with the above configuration, I am getting the following error from peer CLI:
Error: endorsement failure during invoke. response: status:500 message:"error in simulation: failed to execute transaction b7378fa2692d3e1c2d9382a61c6683a58a2ad20751aaf933abd5a3d2457b9c72: could not launch chaincode fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1: connection to fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1 failed: error cannot create connection for fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1: error creating grpc connection to 172.19.0.5:7052: failed to create new connection: context deadline exceeded"

The peer logs are like this:
2020-09-24 10:31:47.480 UTC [endorser] callChaincode -> INFO 05c finished chaincode: marbles duration: 10001ms channel=mychannel txID=b7378fa2
2020-09-24 10:31:47.480 UTC [endorser] SimulateProposal -> ERRO 05d failed to invoke chaincode marbles, error: context deadline exceeded
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1357
failed to create new connection
error creating grpc connection to 172.19.0.5:7052
error cannot create connection for fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1
connection to fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1 failed
could not launch chaincode fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1357
failed to execute transaction b7378fa2692d3e1c2d9382a61c6683a58a2ad20751aaf933abd5a3d2457b9c72
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1357 channel=mychannel txID=b7378fa2
2020-09-24 10:31:47.480 UTC [comm.grpc.server] 1 -> INFO 05e unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=192.168.64.1:47884 grpc.code=OK grpc.call_duration=10.003026s


The chaincode invoke works perfectly fine if I disable the TLS.

Any pointers on this will be really helpful. Please let me know where I am going wrong.

Thanks,
Sathyanarayanan S



--
Matthew Sykes
matthew.sykes@...
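
Added example (not part of the thread, and not Fabric's own code): a small Go lint for the connection.json discussed above, checking the two flags asked about in the reply and that the PEM fields are usable for the mutual TLS setup described in the original message. It assumes client_key, client_cert and root_cert hold PEM text inline; lintConnection and the sample address are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// connection mirrors the connection.json fields named in this thread.
// Assumption: the three certificate/key fields carry PEM text, not file paths.
type connection struct {
	TLSRequired        bool   `json:"tls_required"`
	ClientAuthRequired bool   `json:"client_auth_required"`
	ClientKey          string `json:"client_key"`
	ClientCert         string `json:"client_cert"`
	RootCert           string `json:"root_cert"`
}

// lintConnection returns one finding per problem; an empty slice means the
// file is internally consistent for mutual TLS.
func lintConnection(raw []byte) []string {
	var c connection
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"cannot parse connection.json: " + err.Error()}
	}
	var out []string
	if !c.TLSRequired {
		out = append(out, "tls_required is not true")
	}
	if !c.ClientAuthRequired {
		out = append(out, "client_auth_required is not true")
	}
	if !x509.NewCertPool().AppendCertsFromPEM([]byte(c.RootCert)) {
		out = append(out, "root_cert holds no PEM certificate")
	}
	if _, err := tls.X509KeyPair([]byte(c.ClientCert), []byte(c.ClientKey)); err != nil {
		out = append(out, "client_cert/client_key: "+err.Error())
	}
	return out
}

func main() {
	// Constructed sample: TLS flags left out, PEM fields empty.
	for _, f := range lintConnection([]byte(`{"address":"chaincode.example:7052"}`)) {
		fmt.Println(f)
	}
}
```

The tls.X509KeyPair call also fails when the key does not belong to the certificate, so a swapped peer.key/peer.cert pair is reported as well.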
