From bb0738890ef4600cb65f35ab40fdf2b0dc9fd17f Mon Sep 17 00:00:00 2001 From: Simon Stone Date: Thu, 18 Mar 2021 11:55:43 +0000 Subject: [PATCH] Fix SSL target name override issue (#84) Signed-off-by: Simon Stone
---
 internal/pkg/ca/ca.go | 8 ++++++++
 internal/pkg/console/console.go | 24 ++++++++++++------------
 internal/pkg/orderer/orderer.go | 8 ++++++++
 internal/pkg/peer/peer.go | 16 ++++++++++++++++
 4 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/internal/pkg/ca/ca.go b/internal/pkg/ca/ca.go
index fcc578e..51666e0 100644
--- a/internal/pkg/ca/ca.go
+++ b/internal/pkg/ca/ca.go
@@ -94,6 +94,14 @@ func (c *CA) APIURL(internal bool) *url.URL {
 return c.apiURL
 }
 
+// OperationsHostname returns the hostname of the CA.
+func (c *CA) OperationsHostname(internal bool) string {
+ if internal {
+ return "localhost"
+ }
+ return c.operationsURL.Hostname()
+}
+
 // OperationsHost returns the host (hostname:port) of the CA.
 func (c *CA) OperationsHost(internal bool) string {
 if internal {
diff --git a/internal/pkg/console/console.go b/internal/pkg/console/console.go
index 1f195f8..b9f9383 100644
--- a/internal/pkg/console/console.go
+++ b/internal/pkg/console/console.go
@@ -254,13 +254,13 @@ func (c *Console) getOrderer(req *http.Request) *jsonOrderer {
 APIURL: c.getDynamicURL(req, c.orderer.APIURL(false)),
 APIOptions: &jsonOptions{
 DefaultAuthority: c.orderer.APIHost(false),
- SSLTargetNameOverride: c.orderer.APIHost(false),
+ SSLTargetNameOverride: c.orderer.APIHostname(false),
 RequestTimeout: 300 * 1000,
 },
 OperationsURL: c.getDynamicURL(req, c.orderer.OperationsURL(false)),
 OperationsOptions: &jsonOptions{
 DefaultAuthority: c.orderer.OperationsHost(false),
- SSLTargetNameOverride: c.orderer.OperationsHost(false),
+ SSLTargetNameOverride: c.orderer.OperationsHostname(false),
 RequestTimeout: 300 * 1000,
 },
 MSPID: "OrdererMSP",
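Review bot: The doc comment on the new `OperationsHostname` in ca.go says only that it "returns the hostname of the CA", which names neither the endpoint nor the `internal` case that returns a fixed `"localhost"`. The same wording is repeated on `OperationsHostname` in orderer.go and on `ChaincodeHostname` and `OperationsHostname` in peer.go, so two different peer accessors carry the same description. Because these values now feed the TLS name override, I would spell the contract out, e.g. `// OperationsHostname returns the hostname (no port) of the CA operations endpoint, or "localhost" when internal is true.` The console.go hunks also call `APIHostname` on all three types, which this patch does not add, so those accessors presumably exist already.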
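Review bot: `SSLTargetNameOverride` decides which name a client checks the server certificate against, and nothing beside these fields in getOrderer says the value must be a bare hostname, so the host:port mistake corrected here can easily return. A short comment above the first override would pin it, e.g. `// Certificate name to verify: hostname only, never host:port (DefaultAuthority keeps the port).` The same applies to the overrides in the getPeer, getGateway and getCA hunks. The URL next to each override goes through `getDynamicURL` while the override stays at the configured hostname, so clients appear to validate against the configured name rather than the address they dial; that looks intentional but is worth stating for consumers of this JSON. getOrderer starts and ends outside the hunk.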
@@ -285,19 +285,19 @@ func (c *Console) getPeer(req *http.Request, peer *peer.Peer) *jsonPeer {
 APIURL: c.getDynamicURL(req, peer.APIURL(false)),
 APIOptions: &jsonOptions{
 DefaultAuthority: peer.APIHost(false),
- SSLTargetNameOverride: peer.APIHost(false),
+ SSLTargetNameOverride: peer.APIHostname(false),
 RequestTimeout: 300 * 1000,
 },
 ChaincodeURL: c.getDynamicURL(req, peer.ChaincodeURL(false)),
 ChaincodeOptions: &jsonOptions{
 DefaultAuthority: peer.ChaincodeHost(false),
- SSLTargetNameOverride: peer.ChaincodeHost(false),
+ SSLTargetNameOverride: peer.ChaincodeHostname(false),
 RequestTimeout: 300 * 1000,
 },
 OperationsURL: c.getDynamicURL(req, peer.OperationsURL(false)),
 OperationsOptions: &jsonOptions{
 DefaultAuthority: peer.OperationsHost(false),
- SSLTargetNameOverride: peer.OperationsHost(false),
+ SSLTargetNameOverride: peer.OperationsHostname(false),
 RequestTimeout: 300 * 1000,
 },
 MSPID: peer.MSPID(),
@@ -334,7 +334,7 @@ func (c *Console) getGateway(req *http.Request, peer *peer.Peer) map[string]inte
 "url": c.getDynamicURL(req, peer.APIURL(false)),
 "grpcOptions": map[string]interface{}{
 "grpc.default_authority": peer.APIHost(false),
- "grpc.ssl_target_name_override": peer.APIHost(false),
+ "grpc.ssl_target_name_override": peer.APIHostname(false),
 },
 }
 if tls := peer.TLS(); tls != nil {
@@ -379,16 +379,16 @@ func (c *Console) getGateway(req *http.Request, peer *peer.Peer) map[string]inte
 ca.APIHost(false),
 }
 c := map[string]interface{}{
- ca.APIHost(false): map[string]interface{}{
- "url": c.getDynamicURL(req, ca.APIURL(false)),
- },
+ "url": c.getDynamicURL(req, ca.APIURL(false)),
 }
 if tls := ca.TLS(); tls != nil {
 c["tlsCACerts"] = map[string][]string{
 "pem": {string(tls.CA().Bytes())},
 }
 }
- result["certificateAuthorities"] = c
+ result["certificateAuthorities"] = map[string]interface{}{
+ ca.APIHost(false): c,
+ }
 }
 return result
 }
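Review bot: In the last getGateway hunk the local `c := map[string]interface{}{` shadows the `*Console` receiver `c`, and the new `"url": c.getDynamicURL(req, ca.APIURL(false)),` entry compiles only because the receiver is still in scope inside the initializer; from the next statement on `c` is the map. Renaming the local, e.g. `caEntry := map[string]interface{}{` with `caEntry["tlsCACerts"] = ...` and `ca.APIHost(false): caEntry,`, removes that trap. The hunk also moves `tlsCACerts` from the top level of `certificateAuthorities` into the per-CA entry, which changes where clients find the CA trust root and is not mentioned in the commit message; it deserves a line there and a test on the generated profile. getGateway starts outside the hunk.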
@@ -412,13 +412,13 @@ func (c *Console) getCA(req *http.Request, ca *ca.CA) *jsonCA {
 APIURL: c.getDynamicURL(req, ca.APIURL(false)),
 APIOptions: &jsonOptions{
 DefaultAuthority: ca.APIHost(false),
- SSLTargetNameOverride: ca.APIHost(false),
+ SSLTargetNameOverride: ca.APIHostname(false),
 RequestTimeout: 300 * 1000,
 },
 OperationsURL: c.getDynamicURL(req, ca.OperationsURL(false)),
 OperationsOptions: &jsonOptions{
 DefaultAuthority: ca.OperationsHost(false),
- SSLTargetNameOverride: ca.OperationsHost(false),
+ SSLTargetNameOverride: ca.OperationsHostname(false),
 RequestTimeout: 300 * 1000,
 },
 MSPID: ca.Organization().MSPID(),
diff --git a/internal/pkg/orderer/orderer.go b/internal/pkg/orderer/orderer.go
index a7bcdfb..83b05e9 100644
--- a/internal/pkg/orderer/orderer.go
+++ b/internal/pkg/orderer/orderer.go
@@ -104,6 +104,14 @@ func (o *Orderer) APIURL(internal bool) *url.URL {
 return o.apiURL
 }
 
+// OperationsHostname returns the hostname of the orderer.
+func (o *Orderer) OperationsHostname(internal bool) string {
+ if internal {
+ return "localhost"
+ }
+ return o.operationsURL.Hostname()
+}
+
 // OperationsHost returns the host (hostname:port) of the orderer.
 func (o *Orderer) OperationsHost(internal bool) string {
 if internal {
diff --git a/internal/pkg/peer/peer.go b/internal/pkg/peer/peer.go
index efcac67..474ef37 100644
--- a/internal/pkg/peer/peer.go
+++ b/internal/pkg/peer/peer.go
@@ -112,6 +112,14 @@ func (p *Peer) APIURL(internal bool) *url.URL {
 return p.apiURL
 }
 
+// ChaincodeHostname returns the hostname of the peer.
+func (p *Peer) ChaincodeHostname(internal bool) string {
+ if internal {
+ return "localhost"
+ }
+ return p.chaincodeURL.Hostname()
+}
+
 // ChaincodeHost returns the host (hostname:port) of the peer.
 func (p *Peer) ChaincodeHost(internal bool) string {
 if internal {
@@ -142,6 +150,14 @@ func (p *Peer) ChaincodeURL(internal bool) *url.URL {
 return p.chaincodeURL
 }
 
+// OperationsHostname returns the hostname of the peer.
+func (p *Peer) OperationsHostname(internal bool) string {
+ if internal {
+ return "localhost"
+ }
+ return p.operationsURL.Hostname()
+}
+
 // OperationsHost returns the host (hostname:port) of the peer.
 func (p *Peer) OperationsHost(internal bool) string {
 if internal {