Unverified Commit c7b3fe02 authored by Artem Barger's avatar Artem Barger

Enable to bypass gossip security identity checks



To let a peer connect to the organization leaders using the same
certificate, this adds a new configuration key that allows
bypassing identity verification.

The following parameter has to be added to the environment variables
or to core.yaml:

 - CORE_PEER_GOSSIP_IGNORESECURITY=true

Change-Id: I2cc18f290f1d36ad3900fe3ded4997fbc3d885c5
Signed-off-by: default avatarArtem Barger <bartem@il.ibm.com>
parent 0c2dff7f
......@@ -21,9 +21,12 @@ import (
"strings"
"time"
"github.com/hyperledger/fabric/gossip/api"
"github.com/hyperledger/fabric/gossip/common"
"github.com/hyperledger/fabric/gossip/gossip"
"github.com/hyperledger/fabric/peer/gossip/mcs"
"github.com/hyperledger/fabric/peer/gossip/sa"
"github.com/spf13/viper"
"google.golang.org/grpc"
)
......@@ -58,5 +61,43 @@ func NewGossipComponent(identity []byte, endpoint string, s *grpc.Server, dialOp
conf := newConfig(endpoint, bootPeers...)
cryptSvc := mcs.NewMessageCryptoService()
secAdv := sa.NewSecurityAdvisor()
if viper.GetBool("peer.gossip.ignoresecurity") {
sec := &secImpl{[]byte(endpoint)}
cryptSvc = sec
secAdv = sec
identity = []byte(endpoint)
}
return gossip.NewGossipService(conf, s, secAdv, cryptSvc, identity, dialOpts...)
}
type secImpl struct {
identity []byte
}
func (*secImpl) OrgByPeerIdentity(api.PeerIdentityType) api.OrgIdentityType {
return api.OrgIdentityType("DEFAULT")
}
func (s *secImpl) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType {
return common.PKIidType(peerIdentity)
}
func (s *secImpl) VerifyBlock(chainID common.ChainID, signedBlock api.SignedBlock) error {
return nil
}
func (s *secImpl) Sign(msg []byte) ([]byte, error) {
return msg, nil
}
func (s *secImpl) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
return nil
}
func (s *secImpl) VerifyByChannel(chainID common.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
return nil
}
func (s *secImpl) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
return nil
}
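Review bot: The `secImpl` type added after `NewGossipComponent` turns off every gossip check at once (`Verify`, `VerifyByChannel`, `VerifyBlock` and `ValidateIdentity` all return nil, and `Sign` returns the message unchanged), yet nothing in the code tells an operator that `peer.gossip.ignoresecurity` is active. With the key set, the peer accepts any claimed identity and any block received over gossip, and its own identity becomes the endpoint string, so the setting should be unmistakably test-only. I would add a doc comment such as `// secImpl is a no-op crypto service and security advisor for test networks only: it accepts every identity, signature and block unchecked.` and emit a warning-level log line inside the `if viper.GetBool(...)` branch when it is taken. The `identity` field is stored but no method shown here reads it, so it can probably be dropped. `NewGossipComponent` starts outside this hunk.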
......@@ -27,6 +27,7 @@ import (
"github.com/hyperledger/fabric/msp"
"github.com/hyperledger/fabric/protos/peer"
"github.com/spf13/viper"
)
type AnchorPeerParser struct {
......@@ -126,6 +127,11 @@ func anchorPeerFromFile(filename string) (*peer.AnchorPeer, error) {
Port: int32(port),
Cert: identity,
}
if viper.GetBool("peer.gossip.ignoresecurity") {
ap.Cert = []byte(fmt.Sprintf("%s:%d", ap.Host, ap.Port))
}
return ap, nil
}
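Review bot: In `anchorPeerFromFile`, the override `ap.Cert = []byte(fmt.Sprintf("%s:%d", ap.Host, ap.Port))` has to produce exactly the bytes that the gossip component uses as its identity (`[]byte(endpoint)` in the other file of this commit), and nothing ties the two together. If the configured endpoint is spelled differently from the anchor peer's host and port (a hostname versus an IP address, say), the anchor peer's identity would presumably not match. A comment such as `// must equal the endpoint string used as gossip identity when peer.gossip.ignoresecurity is set` would record the coupling, and the key name, repeated as a string literal in both files, would be better as one shared constant. The function starts outside this hunk, so whether the certificate loaded earlier is still validated before being discarded cannot be seen here.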
......