Hyperledger Fabric-sdk-java 无法与订购者连接(未找到与本地主机匹配的主题备用 DNS 名称)
Hyperledger Fabric-sdk-java unable to connect with orderer(No subject alternative DNS name matching localhost found)
我正在使用余额转移示例来启动结构网络。该示例生成了 crypto-material。我在我的 Fabric-SDK-JAVA 集成中使用了 artifact folder
和 network-config.yaml
的相同引用。
我能够 enroll/register 用户,查询链码,甚至所有交易都得到了通道所有同行的成功认可。
但是,事务提交给排序者以进行提交失败并出现错误:
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214) ~[na:1.8.0_181]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_181]
at io.netty.handler.ssl.OpenSslTlsv13X509ExtendedTrustManager.checkServerTrusted(OpenSslTlsv13X509ExtendedTrustManager.java:239) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:247) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:697) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.internal.tcnative.SSL.readFromSSL(Native Method) ~[netty-tcnative-boringssl-static-2.0.25.Final.jar:2.0.25.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:570) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1146) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
... 25 common frames omitted
奇怪的是,同一个网络与 Node SDK 完美配合。我不确定我是否缺少一些使用 SSL 所需的配置(因为它在余额转移示例网络中默认启用)。
我在主机文件中添加了主机条目。
即使是本地主机,您也必须使用证书涵盖的主机名(即它是主题备用名称之一)。 (在更复杂的情况下,您可以使用自己的 javax.net.ssl.hostnameVerifier,但现在不需要。)
我正在使用余额转移示例来启动结构网络。该示例生成了 crypto-material。我在我的 Fabric-SDK-JAVA 集成中使用了 artifact folder
和 network-config.yaml
的相同引用。
我能够 enroll/register 用户,查询链码,甚至所有交易都得到了通道所有同行的成功认可。
但是,事务提交给排序者以进行提交失败并出现错误:
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214) ~[na:1.8.0_181]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[na:1.8.0_181]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_181]
at io.netty.handler.ssl.OpenSslTlsv13X509ExtendedTrustManager.checkServerTrusted(OpenSslTlsv13X509ExtendedTrustManager.java:239) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:247) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:697) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.internal.tcnative.SSL.readFromSSL(Native Method) ~[netty-tcnative-boringssl-static-2.0.25.Final.jar:2.0.25.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:570) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1146) ~[netty-handler-4.1.36.Final.jar:4.1.36.Final]
... 25 common frames omitted
奇怪的是,同一个网络与 Node SDK 完美配合。我不确定我是否缺少一些使用 SSL 所需的配置(因为它在余额转移示例网络中默认启用)。
我在主机文件中添加了主机条目。
即使是本地主机,您也必须使用证书涵盖的主机名(即它是主题备用名称之一)。 (在更复杂的情况下,您可以使用自己的 javax.net.ssl.hostnameVerifier,但现在不需要。)