search

Hyperledger-TWGC / tape

A Simple Traffic Generator for Hyperledger Fabric
Apache License 2.0
223 stars 70 forks source link

Enable mutual TLS #35

Closed guoger closed 3 years ago

SamYuan1990 commented 3 years ago

Will check this one and try with pr in weekend.

SamYuan1990 commented 3 years ago

According to https://github.com/hyperledger/fabric/blob/master/internal/peer/common/peerclient.go#L53 and https://hyperledger-fabric.readthedocs.io/en/release-2.1/commands/peercommand.html?highlight=mutual%20TLS#usage

it seems we just need to add 

        RequireClientCert: true,

as option when create client.

I suppose we don't have test-network supports mutual TLS(I will have an attempt) but according to https://hyperledger-fabric.readthedocs.io/en/release-2.1/enable_tls.html?highlight=mutual%20TLS#configuring-tls-for-peers-nodes it seems we need to upgrade peer server and cli with

CORE_PEER_TLS_CLIENTAUTHREQUIRED = true

pls review it and if it's good enough, I will move forward.

SamYuan1990 commented 3 years ago

Ref to fabric code, https://github.com/hyperledger/fabric/blob/master/internal/pkg/comm/server.go#L105

so we adding this logic in mock server to test with mutual tls? the server tls file generated by test-network?