hyperledger / fabric-gateway

Go, Node and Java client API for Hyperledger Fabric v2.4+
https://hyperledger.github.io/fabric-gateway/
Apache License 2.0

Support mutual TLS for block eventing #685

Closed bestbeforetoday closed 7 months ago

bestbeforetoday commented 7 months ago

Fabric requires a SHA-256 hash of the client certificate used for mutual TLS authentication to be included in a block events request. This is to avoid replay attacks by ensuring that no TLS proxy (or man-in-the-middle) exists between the client and the Fabric Deliver service. Fabric checks that the hash of the client certificate included in the request matches the hash of the client certificate used to establish the TLS connection.

This change adds a Gateway connect option to specify the hash of the TLS client certificate, which is then included in the ChannelHeader for any block events request. This option is required only if using block eventing over a gRPC connection that uses mutual TLS authentication.

Closes #684
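An added example, not code from this pull request or from the fabric-gateway project: computing the certificate hash described above from a PEM file, next to a model of the comparison the server side makes. It assumes the hash is taken over the certificate's DER encoding; the function names and the sample certificate are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// TLSCertHashFromPEM hashes the certificate's DER bytes (assumption), not the PEM text.
func TLSCertHashFromPEM(pemBytes []byte) ([]byte, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE PEM block found")
	}
	if _, err := x509.ParseCertificate(block.Bytes); err != nil {
		return nil, err // reject input that is not a well-formed certificate
	}
	sum := sha256.Sum256(block.Bytes)
	return sum[:], nil
}

// BindingMatches models the server-side check (hypothetical helper): the hash claimed
// in the request must equal the hash of the certificate seen on the TLS connection.
func BindingMatches(claimed, peerCertDER []byte) bool {
	sum := sha256.Sum256(peerCertDER)
	return bytes.Equal(claimed, sum[:])
}

// SampleCert builds a throwaway self-signed certificate (constructed sample input).
func SampleCert() (pemBytes, der []byte, err error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "sample-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), der, err
}

func main() {
	pemBytes, der, err := SampleCert()
	hash, hashErr := TLSCertHashFromPEM(pemBytes)
	fmt.Printf("hash=%x errs=%v,%v bound=%v\n", hash, err, hashErr, BindingMatches(hash, der))
}
```

A hash of the PEM file contents, or of a different certificate than the one presented on the connection, fails the comparison.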