Skip to content

v1.1.5 Ansible Collection
Compare
Choose a tag to compare
@mbwhite mbwhite released this 01 Feb 14:07
· 42 commits to main since this release
v1.1.5
b9c76b4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is a bug-fix release for a specific issue relating to TLS certificates on Orderers.

For the chaincode tasks (approve, commit and instantiate) the underlying 'peer' command needs to contact the ordering service. Over TLS this needs to be provided with a certificate to give to the networking TLS layer; today this is done by obtaining TLS certificates for each ordering node from the channel. However these are individual certificates per node.

When the TLS certs are updated however this stops working. It is also the wrong thing to do in general for TLS - a 'root trust' certificate should be provided that can verify the certificate from the orderer.

To provide this ability a property 'orderer_name' has been added to the chaincode tasks. This should be set with the name of the ordering service - this will be queried for it's root tls certificate. And that will then be used.

For backward compatibility, checking the channel for certificates is still present, but should be considered deprecated. It is better to use the orderer_name and therefore use the correct certificate authority certificate.

Assets 2