Commits on Oct 6, 2020

1. FAB-18192 Fixed TLS certs validation for consenters. (#1888) …

   * FAB-18192 Fixed TLS certs validation for consenters.
   Verification of TLS cert against simulated config, not the last one. To achieve that, metadata validator interface was changed, now it requires orderer config instead of just consensus metadata. Also, TLS verification was moved to VerifyMetadata function, it shouldn't have been part of ComputeMembershipChanges. Fixed tests.
   
   Signed-off-by: kopaygorodsky <vlad.kopaygorodsky@gmail.com>
   
   * fixed consenters tests
   
   Signed-off-by: kopaygorodsky <vlad.kopaygorodsky@gmail.com>
   
   * modified VerifyConfigMetadata with ignoreCertExpiration option
   
   Signed-off-by: kopaygorodsky <vlad.kopaygorodsky@gmail.com>
   
   * generation of verifying options based only on simulated config, fixes
   
   Signed-off-by: kopaygorodsky <vlad.kopaygorodsky@gmail.com>
   
   * fixed consenters map
   
   Signed-off-by: kopaygorodsky <vlad.kopaygorodsky@gmail.com>
   
   * Removed ignoreCertExpiration option from VerifyConfigMetadata, certs expiration is checked only on new consenters.
   Improved tests.
   
   Signed-off-by: kopaygorodsky <vlad.kopaygorodsky@gmail.com>
   (cherry picked from commit 886d3cc)
   
   # Conflicts:
   #	orderer/common/msgprocessor/systemchannelfilter_test.go
   #	orderer/common/multichannel/chainsupport_test.go
   #	orderer/consensus/etcdraft/consenter.go
   #	orderer/consensus/etcdraft/consenter_test.go
   #	orderer/consensus/etcdraft/util_test.go

   

   kopaygorodsky authored and mergify-bot committed Oct 6, 2020
   Configuration menu

   • View commit details
   • Copy full SHA for 3b1a78d
   • Browse repository at this point

   Copy the full SHA

   3b1a78d View commit details

   Browse the repository at this point in the history