1
  1. I bring up 4 peers using byfn.sh.
  2. Everything comes up fine and I can see the orderer, peers, CA nodes, etc. running in docker containers
  3. I then use a custom service layer application that uses the Fabric Node SDK to connect with this network.
  4. I have no issues making the connection using byfn.sh generated TLS CA certificate (/usr/local/src/test_env/hlf_scripts/first-network/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem)
  5. Here are the docker log messages for the call Gateway.getNetwork(“mychannel”):
2020-01-14 22:12:20.981 UTC [comm.grpc.server] 1 -> INFO 083 unary call completed grpc.service=discovery.Discovery grpc.method=Discover grpc.peer_address=192.168.80.1:38858 grpc.code=OK grpc.call_duration=515.21µs

2020-01-14 22:12:21.012 UTC [comm.grpc.server] 1 -> INFO 084 unary call completed grpc.service=discovery.Discovery grpc.method=Discover grpc.peer_address=192.168.80.1:38858 grpc.code=OK grpc.call_duration=552.801µs
  1. I then bring up another client application, that uses pretty much the same code, for manipulating the network. The first step here is to ensure that the user’s (admin in this case) identity exists and can be imported into a wallet. The same piece of code is used to generate this identity, and using the same connection profile (connection_org1.json). The identity can be created and imported into the filesystem wallet.
  2. I can connect to the network using the Gateway.connect(…) method and using the connection profile connection_org1.json. However, the moment I invoke Gateway.getNetwork(“mychannel”), my issues start. Here is the error returned by the Fabric SDK:
    [nodemon] starting `node ./dist/server.js`

    Express server listening on port 3050

    Wallet path: /usr/local/src/fabric-network-code/wallet

    E0114 17:16:47.872273165    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    E0114 17:16:48.873788447    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    E0114 17:16:50.368082218    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    2020-01-14T22:16:50.869Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:7051

    2020-01-14T22:16:50.870Z - error: [Channel.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:7051

    E0114 17:16:50.877630619    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    E0114 17:16:51.876732084    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    E0114 17:16:53.263732590    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    E0114 17:16:53.303070959    1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

    2020-01-14T22:16:53.875Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:8051

    2020-01-14T22:16:53.875Z - error: [Channel.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:8051

    2020-01-14T22:16:53.875Z - error: [Network]: _initializeInternalChannel: Unable to initialize channel. Attempted to contact 2 Peers. Last error was Error: Failed to connect before the deadline URL:grpcs://localhost:8051

    Unable to initialize channel. Attempted to contact 2 Peers. Last error was Error: Failed to connect before the deadline URL:grpcs://localhost:8051

    [nodemon] app crashed - waiting for file changes before starting...
  1. And here is the log from the docker container log for peer0.org1.example.com
    2020-01-14 22:16:47.872 UTC [core.comm] ServerHandshake -> ERRO 085 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38886

    2020-01-14 22:16:48.874 UTC [core.comm] ServerHandshake -> ERRO 086 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38890

    2020-01-14 22:16:50.368 UTC [core.comm] ServerHandshake -> ERRO 087 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38894

    2020-01-14 22:16:53.303 UTC [core.comm] ServerHandshake -> ERRO 088 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38910

I have tried various permutations and combinations of using different certs but not getting anywhere. Online forums indicate this is an issue of communication between orderer and the peer. However, there are no error messages in the orderer.

I have asked this question in chat.hyperledger.org but no response yet.

J. Scott Elblein
  • 4,013
  • 15
  • 58
  • 94
Ashish Chandra
  • 111
  • 1
  • 8

1 Answers1

0

So extremely foolish of me. I had a crypto-config directory sitting in my node project folder (I don't know when I may have copied it over....) and that was throwing off the tlscacert variable.

I have removed the offending directory and now it is reading the correct one under .../first-network/crypto-config/.../<tlsca file>.pem

Sometimes (and quite often :-) ) the answer is right there but one is too stupid to see it!!!

J. Scott Elblein
  • 4,013
  • 15
  • 58
  • 94
Ashish Chandra
  • 111
  • 1
  • 8