diff --git a/core/comm/connection.go b/core/comm/connection.go index 6fb4de9cffb..b62f0d3aee1 100644 --- a/core/comm/connection.go +++ b/core/comm/connection.go @@ -102,9 +102,11 @@ func (cas *CASupport) GetDeliverServiceCredentials() credentials.TransportCreden // GetPeerCredentials returns GRPC transport credentials for use by GRPC // clients which communicate with remote peer endpoints. -func (cas *CASupport) GetPeerCredentials() credentials.TransportCredentials { +func (cas *CASupport) GetPeerCredentials(tlsCert tls.Certificate) credentials.TransportCredentials { var creds credentials.TransportCredentials - var tlsConfig = &tls.Config{} + var tlsConfig = &tls.Config{ + Certificates: []tls.Certificate{tlsCert}, + } var certPool = x509.NewCertPool() // loop through the orderer CAs roots, _ := cas.GetServerRootCAs() diff --git a/core/comm/connection_test.go b/core/comm/connection_test.go index 459a0f05874..4c8b0adbf87 100644 --- a/core/comm/connection_test.go +++ b/core/comm/connection_test.go @@ -24,6 +24,8 @@ import ( "github.com/spf13/viper" + "crypto/tls" + "github.com/hyperledger/fabric/core/testutil" "github.com/stretchr/testify/assert" "google.golang.org/grpc" @@ -142,7 +144,7 @@ func TestCASupport(t *testing.T) { creds := cas.GetDeliverServiceCredentials() assert.Equal(t, "1.2", creds.Info().SecurityVersion, "Expected Security version to be 1.2") - creds = cas.GetPeerCredentials() + creds = cas.GetPeerCredentials(tls.Certificate{}) assert.Equal(t, "1.2", creds.Info().SecurityVersion, "Expected Security version to be 1.2") @@ -152,7 +154,7 @@ func TestCASupport(t *testing.T) { creds = cas.GetDeliverServiceCredentials() assert.Equal(t, "1.2", creds.Info().SecurityVersion, "Expected Security version to be 1.2") - creds = cas.GetPeerCredentials() + creds = cas.GetPeerCredentials(tls.Certificate{}) assert.Equal(t, "1.2", creds.Info().SecurityVersion, "Expected Security version to be 1.2") 
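Review bot: The doc comment on GetPeerCredentials still describes the zero-argument form and does not say that `tlsCert` is now presented as this peer's client certificate, while the new `Certificates: []tls.Certificate{tlsCert}` is set unconditionally. Both updated call sites in connection_test.go pass `tls.Certificate{}`, so a zero-value entry ends up in the client config; how crypto/tls handles an empty entry when the server requests a certificate should be confirmed rather than assumed. I would populate the field only when a certificate is supplied, `if len(tlsCert.Certificate) > 0 { tlsConfig.Certificates = []tls.Certificate{tlsCert} }`, and add a comment line such as `// tlsCert is presented as the client certificate so remote peers can bind the TLS session to this peer.` The function body continues outside the hunk.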
diff --git a/core/comm/server.go b/core/comm/server.go index a767b53cf76..4b023477650 100644 --- a/core/comm/server.go +++ b/core/comm/server.go @@ -140,6 +140,7 @@ func NewGRPCServerFromListener(listener net.Listener, secureConfig SecureServerC Certificates: certificates, SessionTicketsDisabled: true, } + grpcServer.tlsConfig.ClientAuth = tls.RequestClientCert //checkif client authentication is required if secureConfig.RequireClientCert { //require TLS client auth diff --git a/examples/cluster/config/core.yaml b/examples/cluster/config/core.yaml index 812bd68c5d6..dbd5185b9cb 100644 --- a/examples/cluster/config/core.yaml +++ b/examples/cluster/config/core.yaml @@ -155,9 +155,6 @@ peer: # This is an endpoint that is published to peers outside of the organization. # If this isn't set, the peer will not be known to other organizations. externalEndpoint: - # Makes gossip skip verification of remote peer signature when performing - # the authentication handshake with remote peers - skipHandshake: true # Leader election service configuration election: diff --git a/examples/e2e_cli/base/peer-base.yaml b/examples/e2e_cli/base/peer-base.yaml index 5212044d4ff..9a3a3fb6e3f 100644 --- a/examples/e2e_cli/base/peer-base.yaml +++ b/examples/e2e_cli/base/peer-base.yaml @@ -19,9 +19,6 @@ services: - CORE_PEER_ENDORSER_ENABLED=true - CORE_PEER_GOSSIP_USELEADERELECTION=true - CORE_PEER_GOSSIP_ORGLEADER=false - # The following setting skips the gossip handshake since we are - # are not doing mutual TLS - - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true - CORE_PEER_PROFILE_ENABLED=true - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key diff --git a/gossip/comm/comm_impl.go b/gossip/comm/comm_impl.go index d09cfbe4073..c482a3199c8 100644 --- a/gossip/comm/comm_impl.go +++ b/gossip/comm/comm_impl.go 
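Review bot: `tls.RequestClientCert` asks for a client certificate but neither requires one nor validates it against any CA, and the line added in NewGRPCServerFromListener has no comment saying so. When `secureConfig.RequireClientCert` is false, any handler on a server built by this function that reads the peer certificate from the connection is looking at unauthenticated data. In this commit the gossip handshake appears to use it only as a hash to compare with the signed `TlsCertHash`, which is a sound use. I would add `// Request (but do not verify) a client cert; callers must not treat it as authenticated unless RequireClientCert is set` above the assignment. The branch that follows continues outside the hunk, so whether it overrides ClientAuth is inferred from its comment.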
@@ -108,10 +108,6 @@ func NewCommInstanceWithServer(port int, idMapper identity.Mapper, peerIdentity proto.RegisterGossipServer(s, commInst) } - if viper.GetBool("peer.gossip.skipHandshake") { - commInst.skipHandshake = true - } - return commInst, nil } @@ -416,10 +412,11 @@ func (c *commImpl) authenticateRemotePeer(stream stream) (*proto.ConnectionInfo, var err error var cMsg *proto.SignedGossipMessage var signer proto.Signer + useTLS := c.selfCertHash != nil - // If TLS is detected, sign the hash of our cert to bind our TLS cert - // to the gRPC session - if remoteCertHash != nil && c.selfCertHash != nil && !c.skipHandshake { + // If TLS is enabled, sign the connection message in order to bind + // the TLS session to the peer's identity + if useTLS { signer = func(msg []byte) ([]byte, error) { return c.idMapper.Sign(msg) } 
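Review bot: `useTLS := c.selfCertHash != nil` tests for nil, while the check added in the next hunk uses `len(remoteCertHash) == 0`; an empty but non-nil selfCertHash would turn the TLS path on with nothing to bind to. `useTLS := len(c.selfCertHash) > 0` keeps the two tests consistent. With skipHandshake removed, this flag is the only switch between a signed and an unsigned connection message. A comment stating that when it is false the message is sent unsigned and the remote's signature is not checked would help the next reader. authenticateRemotePeer begins and ends outside this hunk.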
@@ -430,29 +427,34 @@ func (c *commImpl) authenticateRemotePeer(stream stream) (*proto.ConnectionInfo, } } + // TLS enabled but not detected on other side + if useTLS && len(remoteCertHash) == 0 { + c.logger.Warningf("%s didn't send TLS certificate", remoteAddress) + return nil, errors.New("No TLS certificate") + } + cMsg = c.createConnectionMsg(c.PKIID, c.selfCertHash, c.peerIdentity, signer) c.logger.Debug("Sending", cMsg, "to", remoteAddress) stream.Send(cMsg.Envelope) m, err := readWithTimeout(stream, util.GetDurationOrDefault("peer.gossip.connTimeout", defConnTimeout), remoteAddress) if err != nil { - err := fmt.Errorf("Failed reading messge from %s, reason: %v", remoteAddress, err) - c.logger.Warning(err) + c.logger.Warningf("Failed reading messge from %s, reason: %v", remoteAddress, err) return nil, err } receivedMsg := m.GetConn() if receivedMsg == nil { - c.logger.Warning("Expected connection message but got", receivedMsg) + c.logger.Warning("Expected connection message from", remoteAddress, "but got", receivedMsg) return nil, errors.New("Wrong type") } if receivedMsg.PkiId == nil { - c.logger.Warning("%s didn't send a pkiID") - return nil, fmt.Errorf("%s didn't send a pkiID", remoteAddress) + c.logger.Warning("%s didn't send a pkiID", remoteAddress) + return nil, errors.New("No PKI-ID") } c.logger.Debug("Received", receivedMsg, "from", remoteAddress) - err = c.idMapper.Put(receivedMsg.PkiId, receivedMsg.Cert) + err = c.idMapper.Put(receivedMsg.PkiId, receivedMsg.Identity) if err != nil { c.logger.Warning("Identity store rejected", remoteAddress, ":", err) return nil, err 
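Review bot: `c.logger.Warning("%s didn't send a pkiID", remoteAddress)` passes a format string to the non-formatting Warning, so the log line will carry a literal `%s` instead of the address in the intended position; the neighbouring rejections use Warningf. It should be `c.logger.Warningf("%s didn't send a pkiID", remoteAddress)`. Two smaller things in the same hunk: the new Warningf message keeps the typo `messge`, and the result of `stream.Send(cMsg.Envelope)` (an unchanged line) is still dropped, so a failed send only surfaces later as a read timeout. The function continues outside the hunk.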
@@ -460,20 +462,22 @@ func (c *commImpl) authenticateRemotePeer(stream stream) (*proto.ConnectionInfo, connInfo := &proto.ConnectionInfo{ ID: receivedMsg.PkiId, - Identity: receivedMsg.Cert, + Identity: receivedMsg.Identity, Endpoint: remoteAddress, } // if TLS is enabled and detected, verify remote peer - if remoteCertHash != nil && c.selfCertHash != nil && !c.skipHandshake { - if !bytes.Equal(remoteCertHash, receivedMsg.Hash) { - return nil, fmt.Errorf("Expected %v in remote hash, but got %v", remoteCertHash, receivedMsg.Hash) + if useTLS { + // If the remote peer sent its TLS certificate, make sure it actually matches the TLS cert + // that the peer used. + if !bytes.Equal(remoteCertHash, receivedMsg.TlsCertHash) { + return nil, fmt.Errorf("Expected %v in remote hash of TLS cert, but got %v", remoteCertHash, receivedMsg.TlsCertHash) } verifier := func(peerIdentity []byte, signature, message []byte) error { pkiID := c.idMapper.GetPKIidOfCert(api.PeerIdentityType(peerIdentity)) return c.idMapper.Verify(pkiID, signature, message) } - err = m.Verify(receivedMsg.Cert, verifier) + err = m.Verify(receivedMsg.Identity, verifier) if err != nil { c.logger.Error("Failed verifying signature from", remoteAddress, ":", err) return nil, err @@ -484,13 +488,6 @@ func (c *commImpl) authenticateRemotePeer(stream stream) (*proto.ConnectionInfo, } } - // TLS enabled but not detected on other side, and we're not configured to skip handshake verification - if remoteCertHash == nil && c.selfCertHash != nil && !c.skipHandshake { - err = fmt.Errorf("Remote peer %s didn't send TLS certificate", remoteAddress) - c.logger.Warning(err) - return nil, err - } - c.logger.Debug("Authenticated", remoteAddress) return connInfo, nil 
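Review bot: The TLS certificate hash mismatch branch returns an error without logging, while the other rejections visible in authenticateRemotePeer write a warning that names the remote address. A mismatch between the certificate used on the wire and the one named in the signed message is the event an operator most wants to see, so I would add `c.logger.Warningf("%s: TLS cert hash in connection message does not match the session certificate", remoteAddress)` before the return. The hashes are formatted with `%v`, which prints byte slices as decimal lists; `%x` would be easier to compare. The comment `If the remote peer sent its TLS certificate` is also out of date, since a missing certificate is now rejected earlier in the function.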
@@ -583,15 +580,15 @@ func readWithTimeout(stream interface{}, timeout time.Duration, address string) } } -func (c *commImpl) createConnectionMsg(pkiID common.PKIidType, hash []byte, cert api.PeerIdentityType, signer proto.Signer) *proto.SignedGossipMessage { +func (c *commImpl) createConnectionMsg(pkiID common.PKIidType, certHash []byte, cert api.PeerIdentityType, signer proto.Signer) *proto.SignedGossipMessage { m := &proto.GossipMessage{ Tag: proto.GossipMessage_EMPTY, Nonce: 0, Content: &proto.GossipMessage_Conn{ Conn: &proto.ConnEstablish{ - Hash: hash, - Cert: cert, - PkiId: pkiID, + TlsCertHash: certHash, + Identity: cert, + PkiId: pkiID, }, }, } diff --git a/gossip/comm/comm_test.go b/gossip/comm/comm_test.go index ff7ed40a5c2..1d3883ac631 100644 --- a/gossip/comm/comm_test.go +++ b/gossip/comm/comm_test.go @@ -23,6 +23,7 @@ import ( "crypto/tls" "fmt" "math/rand" + "net" "os" "strings" "sync" 
@@ -110,21 +111,33 @@ func newCommInstance(port int, sec api.MessageCryptoService) (Comm, error) { return inst, err } -func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte) []byte, pkiIDmutator func([]byte) []byte, mutualTLS bool) <-chan proto.ReceivedMessage { +type msgMutator func(*proto.SignedGossipMessage) *proto.SignedGossipMessage +type msgConsumer func(*proto.SignedGossipMessage) + +type tlsType int + +const ( + none tlsType = iota + oneWayTLS + mutualTLS +) + +func handshaker(endpoint string, comm Comm, t *testing.T, connMutator msgMutator, connType tlsType) <-chan proto.ReceivedMessage { c := &commImpl{} cert := GenerateCertificatesOrPanic() tlsCfg := &tls.Config{ InsecureSkipVerify: true, } - - if mutualTLS { + if connType == mutualTLS { tlsCfg.Certificates = []tls.Certificate{cert} } - ta := credentials.NewTLS(tlsCfg) - + secureOpts := grpc.WithTransportCredentials(ta) + if connType == none { + secureOpts = grpc.WithInsecure() + } acceptChan := comm.Accept(acceptAll) - conn, err := grpc.Dial("localhost:9611", grpc.WithTransportCredentials(ta), grpc.WithBlock(), grpc.WithTimeout(time.Second)) + conn, err := grpc.Dial("localhost:9611", secureOpts, grpc.WithBlock(), grpc.WithTimeout(time.Second)) assert.NoError(t, err, "%v", err) if err != nil { return nil 
@@ -134,49 +147,34 @@ func handshaker(endpoint string, comm Comm, t *testing.T, sigMutator func([]byte assert.NoError(t, err, "%v", err) if err != nil { return nil - } // cert.Certificate[0] + } var clientCertHash []byte - if mutualTLS { + if len(tlsCfg.Certificates) > 0 { clientCertHash = certHashFromRawCert(tlsCfg.Certificates[0].Certificate[0]) } pkiID := common.PKIidType(endpoint) - if pkiIDmutator != nil { - pkiID = common.PKIidType(pkiIDmutator([]byte(endpoint))) - } assert.NoError(t, err, "%v", err) msg := c.createConnectionMsg(pkiID, clientCertHash, []byte(endpoint), func(msg []byte) ([]byte, error) { - if !mutualTLS { - return msg, nil - } mac := hmac.New(sha256.New, hmacKey) mac.Write(msg) return mac.Sum(nil), nil }) - - if sigMutator != nil { - msg.Envelope.Signature = sigMutator(msg.Envelope.Signature) - } - + // Mutate connection message to test negative paths + msg = connMutator(msg) + // Send your own connection message stream.Send(msg.Envelope) + // Wait for connection message from the other side envelope, err := stream.Recv() + if err != nil { + return acceptChan + } assert.NoError(t, err, "%v", err) msg, err = envelope.ToGossipMessage() assert.NoError(t, err, "%v", err) - if sigMutator == nil { - hash := extractCertificateHashFromContext(stream.Context()) - expectedMsg := c.createConnectionMsg(common.PKIidType("localhost:9611"), hash, []byte("localhost:9611"), func(msg []byte) ([]byte, error) { - mac := hmac.New(sha256.New, hmacKey) - mac.Write(msg) - return mac.Sum(nil), nil - }) - if mutualTLS { - assert.Equal(t, expectedMsg.Envelope.Signature, msg.Envelope.Signature) - } - - } assert.Equal(t, []byte("localhost:9611"), msg.GetConn().PkiId) + assert.Equal(t, extractCertificateHashFromContext(stream.Context()), msg.GetConn().TlsCertHash) msg2Send := createGossipMsg() nonce := uint64(rand.Int()) msg2Send.Nonce = nonce 
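Review bot: This hunk removes the comparison of the responder's `Envelope.Signature` with the expected HMAC and replaces it with checks on PkiId and TlsCertHash only, so nothing in handshaker verifies any more that the server's connection message is signed. A regression that sent an unsigned or wrongly signed reply under mutual TLS would pass, so I would keep a signature check for the `connType == mutualTLS` case. Separately, `assert.NoError(t, err, "%v", err)` directly after `if err != nil { return acceptChan }` can never fail and can be dropped. `msg = connMutator(msg)` panics on a nil mutator, which an `if connMutator != nil` guard would avoid. handshaker starts in the previous hunk and ends outside this one.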
@@ -203,58 +201,130 @@ func TestViperConfig(t *testing.T) { func TestHandshake(t *testing.T) { t.Parallel() - comm, _ := newCommInstance(9611, naiveSec) + signer := func(msg []byte) ([]byte, error) { + mac := hmac.New(sha256.New, hmacKey) + mac.Write(msg) + return mac.Sum(nil), nil + } + mutator := func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + return msg + } + assertPositivePath := func(msg proto.ReceivedMessage, endpoint string) { + expectedPKIID := common.PKIidType(endpoint) + assert.Equal(t, expectedPKIID, msg.GetConnectionInfo().ID) + assert.Equal(t, api.PeerIdentityType(endpoint), msg.GetConnectionInfo().Identity) + assert.NotNil(t, msg.GetConnectionInfo().Auth) + assert.True(t, msg.GetConnectionInfo().IsAuthenticated()) + sig, _ := (&naiveSecProvider{}).Sign(msg.GetConnectionInfo().Auth.SignedData) + assert.Equal(t, sig, msg.GetConnectionInfo().Auth.Signature) + } + + // Positive path 1 - check authentication without TLS + ll, err := net.Listen("tcp", fmt.Sprintf("%s:%d", "", 9611)) + s := grpc.NewServer() + go s.Serve(ll) + + id := []byte("localhost:9611") + idMapper := identity.NewIdentityMapper(naiveSec, id) + inst, err := NewCommInstance(s, nil, idMapper, api.PeerIdentityType("localhost:9611"), func() []grpc.DialOption { + return []grpc.DialOption{grpc.WithInsecure()} + }) + assert.NoError(t, err) + var msg proto.ReceivedMessage + + acceptChan := handshaker("localhost:9608", inst, t, mutator, none) + select { + case <-time.After(time.Duration(time.Second * 4)): + assert.FailNow(t, "Didn't receive a message, seems like handshake failed") + case msg = <-acceptChan: + } + assert.Equal(t, common.PKIidType("localhost:9608"), msg.GetConnectionInfo().ID) + assert.Equal(t, api.PeerIdentityType("localhost:9608"), msg.GetConnectionInfo().Identity) + assert.Nil(t, msg.GetConnectionInfo().Auth) + assert.False(t, msg.GetConnectionInfo().IsAuthenticated()) + + inst.Stop() + s.Stop() + ll.Close() + time.Sleep(time.Second) + + comm, err := 
newCommInstance(9611, naiveSec) + assert.NoError(t, err) defer comm.Stop() + // Positive path 2: initiating peer sends its own certificate + acceptChan = handshaker("localhost:9609", comm, t, mutator, mutualTLS) - acceptChan := handshaker("localhost:9610", comm, t, nil, nil, true) - time.Sleep(2 * time.Second) - assert.Equal(t, 1, len(acceptChan)) - msg := <-acceptChan - expectedPKIID := common.PKIidType("localhost:9610") - assert.Equal(t, expectedPKIID, msg.GetConnectionInfo().ID) - assert.Equal(t, api.PeerIdentityType("localhost:9610"), msg.GetConnectionInfo().Identity) - assert.NotNil(t, msg.GetConnectionInfo().Auth) - assert.True(t, msg.GetConnectionInfo().IsAuthenticated()) - sig, _ := (&naiveSecProvider{}).Sign(msg.GetConnectionInfo().Auth.SignedData) - assert.Equal(t, sig, msg.GetConnectionInfo().Auth.Signature) - // negative path, nothing should be read from the channel because the signature is wrong - mutateSig := func(b []byte) []byte { - if b[0] == 0 { - b[0] = 1 - } else { - b[0] = 0 - } - return b + select { + case <-time.After(time.Second * 2): + assert.FailNow(t, "Didn't receive a message, seems like handshake failed") + case msg = <-acceptChan: } - acceptChan = handshaker("localhost:9612", comm, t, mutateSig, nil, true) + assertPositivePath(msg, "localhost:9609") + + // Negative path: initiating peer doesn't send its own certificate + acceptChan = handshaker("localhost:9610", comm, t, mutator, oneWayTLS) + time.Sleep(time.Second) + assert.Equal(t, 0, len(acceptChan)) + // Negative path, signature is wrong + mutator = func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + msg.Signature = append(msg.Signature, 0) + return msg + } + acceptChan = handshaker("localhost:9612", comm, t, mutator, mutualTLS) time.Sleep(time.Second) assert.Equal(t, 0, len(acceptChan)) - // negative path, nothing should be read from the channel because the PKIid doesn't match the identity - mutatePKIID := func(b []byte) []byte { - return []byte("localhost:9650") + 
// Negative path, the PKIid doesn't match the identity + mutator = func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + msg.GetConn().PkiId = []byte("localhost:9650") + // Sign the message again + msg.Sign(signer) + return msg } - acceptChan = handshaker("localhost:9613", comm, t, nil, mutatePKIID, true) + acceptChan = handshaker("localhost:9613", comm, t, mutator, mutualTLS) time.Sleep(time.Second) assert.Equal(t, 0, len(acceptChan)) - // Now we test for a handshake without mutual TLS - // The first time should fail - acceptChan = handshaker("localhost:9614", comm, t, nil, nil, false) - select { - case <-acceptChan: - assert.Fail(t, "Should not have successfully authenticated to remote peer") - case <-time.After(time.Second): + // Negative path, the cert hash isn't what is expected + mutator = func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + msg.GetConn().TlsCertHash = append(msg.GetConn().TlsCertHash, 0) + msg.Sign(signer) + return msg } + acceptChan = handshaker("localhost:9615", comm, t, mutator, mutualTLS) + time.Sleep(time.Second) + assert.Equal(t, 0, len(acceptChan)) - // And the second time should succeed - comm.(*commImpl).skipHandshake = true - acceptChan = handshaker("localhost:9615", comm, t, nil, nil, false) - select { - case <-acceptChan: - case <-time.After(time.Second * 10): - assert.Fail(t, "skipHandshake flag should have authorized the authentication") + // Negative path, no PKI-ID was sent + mutator = func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + msg.GetConn().PkiId = nil + msg.Sign(signer) + return msg + } + acceptChan = handshaker("localhost:9616", comm, t, mutator, mutualTLS) + time.Sleep(time.Second) + assert.Equal(t, 0, len(acceptChan)) + + // Negative path, connection message is of a different type + mutator = func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + msg.Content = &proto.GossipMessage_Empty{ + Empty: &proto.Empty{}, + } + msg.Sign(signer) + return msg } + 
acceptChan = handshaker("localhost:9617", comm, t, mutator, mutualTLS) + time.Sleep(time.Second) + assert.Equal(t, 0, len(acceptChan)) + + // Negative path, the peer didn't respond to the handshake in due time + mutator = func(msg *proto.SignedGossipMessage) *proto.SignedGossipMessage { + time.Sleep(time.Second * 5) + return msg + } + acceptChan = handshaker("localhost:9618", comm, t, mutator, mutualTLS) + time.Sleep(time.Second) + assert.Equal(t, 0, len(acceptChan)) } func TestBasic(t *testing.T) { @@ -352,8 +422,8 @@ func TestCloseConn(t *testing.T) { stream, err := cl.GossipStream(context.Background()) assert.NoError(t, err, "%v", err) c := &commImpl{} - hash := certHashFromRawCert(tlsCfg.Certificates[0].Certificate[0]) - connMsg := c.createConnectionMsg(common.PKIidType("pkiID"), hash, api.PeerIdentityType("pkiID"), func(msg []byte) ([]byte, error) { + tlsCertHash := certHashFromRawCert(tlsCfg.Certificates[0].Certificate[0]) + connMsg := c.createConnectionMsg(common.PKIidType("pkiID"), tlsCertHash, api.PeerIdentityType("pkiID"), func(msg []byte) ([]byte, error) { mac := hmac.New(sha256.New, hmacKey) mac.Write(msg) return mac.Sum(nil), nil diff --git a/gossip/gossip/anchor_test.go b/gossip/gossip/anchor_test.go index bd65b6cfafc..1ba522cab21 100644 --- a/gossip/gossip/anchor_test.go +++ b/gossip/gossip/anchor_test.go @@ -122,9 +122,9 @@ func (p *peerMock) connEstablishMsg(pkiID common.PKIidType, hash []byte, cert ap Nonce: 0, Content: &proto.GossipMessage_Conn{ Conn: &proto.ConnEstablish{ - Hash: hash, - Cert: cert, - PkiId: pkiID, + TlsCertHash: hash, + Identity: cert, + PkiId: pkiID, }, }, } diff --git a/peer/node/start.go b/peer/node/start.go index b64135a3b97..0f6cbb83007 100644 --- a/peer/node/start.go +++ b/peer/node/start.go 
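Review bot: The error from `net.Listen` in the first positive path of TestHandshake is never checked; `err` is overwritten by the later `NewCommInstance` call, so a failed bind on port 9611 reaches `go s.Serve(ll)` with a nil listener. Add `assert.NoError(t, err)` immediately after the Listen call. The negative paths assert `len(acceptChan) == 0` after a one-second sleep, which also holds when handshaker returned a nil channel or the handshake was merely slow, so they can pass without the rejection having happened. Asserting on the stream being closed or on the error the handshake returns would make them meaningful. The test runs under `t.Parallel()` with fixed ports, which may collide with other tests in the package.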
@@ -161,7 +161,8 @@ func serve(args []string) error { dialOpts = append(dialOpts, comm.ClientKeepaliveOptions()...) if comm.TLSEnabled() { - dialOpts = append(dialOpts, grpc.WithTransportCredentials(comm.GetCASupport().GetPeerCredentials())) + tlsCert := peerServer.ServerCertificate() + dialOpts = append(dialOpts, grpc.WithTransportCredentials(comm.GetCASupport().GetPeerCredentials(tlsCert))) } else { dialOpts = append(dialOpts, grpc.WithInsecure()) } diff --git a/protos/gossip/message.pb.go b/protos/gossip/message.pb.go index 71742b032f3..f8cd57938fb 100644 --- a/protos/gossip/message.pb.go +++ b/protos/gossip/message.pb.go @@ -977,9 +977,9 @@ func (m *StateInfoPullRequest) GetChannel_MAC() []byte { // Whenever a peer connects to another peer, it handshakes // with it by sending this message that proves its identity type ConnEstablish struct { - PkiId []byte `protobuf:"bytes,1,opt,name=pki_id,json=pkiId,proto3" json:"pki_id,omitempty"` - Cert []byte `protobuf:"bytes,2,opt,name=cert,proto3" json:"cert,omitempty"` - Hash []byte `protobuf:"bytes,3,opt,name=hash,proto3" json:"hash,omitempty"` + PkiId []byte `protobuf:"bytes,1,opt,name=pki_id,json=pkiId,proto3" json:"pki_id,omitempty"` + Identity []byte `protobuf:"bytes,2,opt,name=identity,proto3" json:"identity,omitempty"` + TlsCertHash []byte `protobuf:"bytes,3,opt,name=tls_cert_hash,json=tlsCertHash,proto3" json:"tls_cert_hash,omitempty"` } func (m *ConnEstablish) Reset() { *m = ConnEstablish{} } @@ -994,16 +994,16 @@ func (m *ConnEstablish) GetPkiId() []byte { return nil } -func (m *ConnEstablish) GetCert() []byte { +func (m *ConnEstablish) GetIdentity() []byte { if m != nil { - return m.Cert + return m.Identity } return nil } -func (m *ConnEstablish) GetHash() []byte { +func (m *ConnEstablish) GetTlsCertHash() []byte { if m != nil { - return m.Hash + return m.TlsCertHash } return nil } 
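Review bot: `peerServer.ServerCertificate()` hands the peer's server TLS certificate to GetPeerCredentials as the client certificate for outbound connections, and nothing at the call site says so or checks that the certificate is usable in that role. If the remote side is configured to require and verify client certificates, a certificate whose extended key usage lacks client authentication would be rejected at the TLS layer; that depends on how deployments issue their TLS certificates and cannot be seen here. I would add a comment such as `// reuse the server TLS cert as the client cert so gossip can bind the session to this peer` and document the key-usage expectation for operators. serve continues outside the hunk.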
@@ -1626,90 +1626,91 @@ var _Gossip_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("gossip/message.proto", fileDescriptor0) } var fileDescriptor0 = []byte{ - // 1349 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x57, 0xcb, 0x6f, 0xdb, 0x46, - 0x13, 0x17, 0x6d, 0x3d, 0x47, 0x0f, 0xcb, 0x6b, 0xe7, 0xfb, 0xf8, 0xf9, 0x0b, 0x5a, 0x83, 0x68, - 0x02, 0xb7, 0x4e, 0xe5, 0xc0, 0xe9, 0x23, 0x40, 0x5a, 0x14, 0xb2, 0xa5, 0x5a, 0x46, 0x23, 0xd9, - 0xa0, 0x15, 0xb4, 0xe9, 0x85, 0x58, 0x8b, 0x63, 0x8a, 0x0d, 0xb9, 0xa4, 0xb9, 0xab, 0xb4, 0x3e, - 0x16, 0xbd, 0xf5, 0xd2, 0x6b, 0xff, 0xdc, 0x82, 0xbb, 0x24, 0x45, 0x46, 0x76, 0x00, 0x07, 0xe8, - 0x8d, 0xf3, 0xf8, 0xcd, 0xcc, 0xce, 0xce, 0x63, 0x09, 0xdb, 0x4e, 0xc0, 0xb9, 0x1b, 0x1e, 0xf8, - 0xc8, 0x39, 0x75, 0xb0, 0x17, 0x46, 0x81, 0x08, 0x48, 0x55, 0x71, 0x8d, 0x3f, 0x34, 0xa8, 0x0f, - 0xd9, 0x5b, 0xf4, 0x82, 0x10, 0x89, 0x0e, 0xb5, 0x90, 0xde, 0x78, 0x01, 0xb5, 0x75, 0x6d, 0x57, - 0xdb, 0x6b, 0x99, 0x29, 0x49, 0x1e, 0x42, 0x83, 0xbb, 0x0e, 0xa3, 0x62, 0x11, 0xa1, 0xbe, 0x26, - 0x65, 0x4b, 0x06, 0xf9, 0x0e, 0x36, 0x38, 0xce, 0x22, 0x14, 0x16, 0x26, 0xa6, 0xf4, 0xf5, 0x5d, - 0x6d, 0xaf, 0x79, 0xf8, 0x9f, 0x9e, 0x72, 0xd3, 0xbb, 0x90, 0xe2, 0xd4, 0x91, 0xd9, 0xe1, 0x05, - 0xda, 0x18, 0x41, 0xa7, 0xa8, 0xf1, 0xa1, 0xa1, 0x18, 0x7d, 0xa8, 0x2a, 0x4b, 0xe4, 0x09, 0x74, - 0x5d, 0x26, 0x30, 0x62, 0xd4, 0x1b, 0x32, 0x3b, 0x0c, 0x5c, 0x26, 0xa4, 0xa9, 0xc6, 0xa8, 0x64, - 0xae, 0x48, 0x8e, 0x1a, 0x50, 0x9b, 0x05, 0x4c, 0x20, 0x13, 0xc6, 0xdf, 0x0d, 0x68, 0x9f, 0xc8, - 0xb0, 0xc7, 0x2a, 0x65, 0x64, 0x1b, 0x2a, 0x2c, 0x60, 0x33, 0x94, 0xf8, 0xb2, 0xa9, 0x88, 0x38, - 0xc4, 0xd9, 0x9c, 0x32, 0x86, 0x5e, 0x12, 0x46, 0x4a, 0x92, 0x7d, 0x58, 0x17, 0xd4, 0x91, 0x39, - 0xe8, 0x1c, 0xfe, 0x2f, 0xcd, 0x41, 0xc1, 0x66, 0x6f, 0x4a, 0x1d, 0x33, 0xd6, 0x22, 0xcf, 0xa0, - 0x41, 0x3d, 0xf7, 0x2d, 0x5a, 0x3e, 0x77, 0xf4, 0x8a, 0x4c, 0xdb, 0x76, 0x0a, 0xe9, 0xc7, 0x82, - 0x04, 
0x31, 0x2a, 0x99, 0x75, 0xa9, 0x38, 0xe6, 0x0e, 0xf9, 0x02, 0x6a, 0x3e, 0xfa, 0x56, 0x84, - 0xd7, 0x7a, 0x55, 0x42, 0x32, 0x2f, 0x63, 0xf4, 0x2f, 0x31, 0xe2, 0x73, 0x37, 0x34, 0xf1, 0x7a, - 0x81, 0x5c, 0x8c, 0x4a, 0x66, 0xd5, 0x47, 0xdf, 0xc4, 0x6b, 0xf2, 0x65, 0x8a, 0xe2, 0x7a, 0x4d, - 0xa2, 0x76, 0x6e, 0x43, 0xf1, 0x30, 0x60, 0x1c, 0x33, 0x18, 0x27, 0x4f, 0xa1, 0x6e, 0x53, 0x41, - 0x65, 0x80, 0x75, 0x89, 0xdb, 0x4a, 0x71, 0x03, 0x2a, 0xe8, 0x32, 0xbe, 0x5a, 0xac, 0x16, 0x87, - 0xb7, 0x0f, 0x95, 0x39, 0x7a, 0x5e, 0xa0, 0x37, 0x8a, 0xea, 0x2a, 0x05, 0xa3, 0x58, 0x34, 0x2a, - 0x99, 0x4a, 0x87, 0x1c, 0x24, 0xe6, 0x6d, 0xd7, 0xd1, 0x41, 0xea, 0x93, 0xbc, 0xf9, 0x81, 0xeb, - 0xa8, 0x53, 0x48, 0xeb, 0x03, 0xd7, 0xc9, 0xe2, 0x89, 0x4f, 0xdf, 0x5c, 0x8d, 0x67, 0x79, 0x6e, - 0x89, 0x50, 0x07, 0x6f, 0x4a, 0xc4, 0x22, 0xb4, 0xa9, 0x40, 0xbd, 0xb5, 0xea, 0xe5, 0x95, 0x94, - 0x8c, 0x4a, 0x26, 0xd8, 0x19, 0x45, 0x1e, 0x41, 0x05, 0xfd, 0x50, 0xdc, 0xe8, 0x6d, 0x09, 0x68, - 0xa7, 0x80, 0x61, 0xcc, 0x8c, 0x0f, 0x20, 0xa5, 0x64, 0x1f, 0xca, 0xb3, 0x80, 0x31, 0xbd, 0x23, - 0xb5, 0x1e, 0xa4, 0x5a, 0xc7, 0x01, 0x63, 0x43, 0x2e, 0xe8, 0xa5, 0xe7, 0xf2, 0xf9, 0xa8, 0x64, - 0x4a, 0x25, 0x72, 0x08, 0xc0, 0x05, 0x15, 0x68, 0xb9, 0xec, 0x2a, 0xd0, 0x37, 0x24, 0x64, 0x33, - 0x6b, 0x93, 0x58, 0x72, 0xca, 0xae, 0xe2, 0xec, 0x34, 0x78, 0x4a, 0x90, 0x23, 0xe8, 0x28, 0x0c, - 0x67, 0x34, 0xe4, 0xf3, 0x40, 0xe8, 0xdd, 0xe2, 0xa5, 0x67, 0xb8, 0x8b, 0x44, 0x61, 0x54, 0x32, - 0xdb, 0x12, 0x92, 0x32, 0xc8, 0x18, 0xb6, 0x96, 0x7e, 0xad, 0x70, 0xe1, 0x79, 0x32, 0x7f, 0x9b, - 0xd2, 0xd0, 0xc3, 0x15, 0x43, 0xe7, 0x0b, 0xcf, 0x5b, 0x26, 0xb2, 0xcb, 0xdf, 0xe1, 0x93, 0x3e, - 0x28, 0xfb, 0xb1, 0x91, 0x58, 0x49, 0x27, 0xc5, 0x82, 0x32, 0xd1, 0x0f, 0x04, 0x4a, 0x73, 0x4b, - 0x33, 0x2d, 0x9e, 0xa3, 0xc9, 0x20, 0x3d, 0x55, 0x94, 0x94, 0x9c, 0xbe, 0x25, 0x6d, 0xfc, 0xff, - 0x56, 0x1b, 0x59, 0x55, 0xb6, 0x79, 0x9e, 0x11, 0xe7, 0xc6, 0x43, 0x6a, 0xab, 0xe2, 0x95, 0x25, - 0xba, 0x5d, 0xcc, 0xcd, 0xcb, 0x4c, 0xba, 
0x2c, 0xd4, 0xf6, 0x12, 0x12, 0x97, 0xeb, 0x0b, 0x68, - 0x87, 0x88, 0x91, 0xe5, 0xda, 0xc8, 0x84, 0x2b, 0x6e, 0xf4, 0x07, 0xc5, 0x36, 0x3c, 0x47, 0x8c, - 0x4e, 0x13, 0x59, 0x7c, 0x8c, 0x30, 0x47, 0x1b, 0x16, 0xac, 0x4f, 0xa9, 0x43, 0xda, 0xd0, 0x78, - 0x35, 0x19, 0x0c, 0xbf, 0x3f, 0x9d, 0x0c, 0x07, 0xdd, 0x12, 0x69, 0x40, 0x65, 0x38, 0x3e, 0x9f, - 0xbe, 0xee, 0x6a, 0xa4, 0x05, 0xf5, 0x33, 0xf3, 0xc4, 0x3a, 0x9b, 0xbc, 0x7c, 0xdd, 0x5d, 0x8b, - 0xf5, 0x8e, 0x47, 0xfd, 0x89, 0x22, 0xd7, 0x49, 0x17, 0x5a, 0x92, 0xec, 0x4f, 0x06, 0xd6, 0x99, - 0x79, 0xd2, 0x2d, 0x93, 0x0d, 0x68, 0x2a, 0x05, 0x53, 0x32, 0x2a, 0xf9, 0xd1, 0xf4, 0x97, 0x06, - 0x8d, 0xec, 0x8a, 0xc8, 0x0e, 0xd4, 0x7d, 0x14, 0x34, 0x2e, 0xd8, 0x64, 0x48, 0x66, 0x34, 0xe9, - 0x41, 0x43, 0xb8, 0x3e, 0x72, 0x41, 0xfd, 0x50, 0x8e, 0xa7, 0xe6, 0x61, 0x37, 0x7f, 0x9c, 0xa9, - 0xeb, 0xa3, 0xb9, 0x54, 0x21, 0x0f, 0xa0, 0x1a, 0xbe, 0x71, 0x2d, 0xd7, 0x96, 0x53, 0xab, 0x65, - 0x56, 0xc2, 0x37, 0xee, 0xa9, 0x4d, 0x3e, 0x86, 0x66, 0x32, 0xd4, 0xac, 0x71, 0xff, 0x58, 0x2f, - 0x4b, 0x19, 0x24, 0xac, 0x71, 0xff, 0xd8, 0xe8, 0xc3, 0xe6, 0x4a, 0xf1, 0x91, 0x27, 0x50, 0x47, - 0x0f, 0x7d, 0x64, 0x82, 0xeb, 0xda, 0xee, 0x7a, 0xde, 0x77, 0xb6, 0x02, 0x32, 0x0d, 0xe3, 0x6b, - 0xd8, 0xbe, 0xad, 0xec, 0xde, 0xf5, 0xad, 0xad, 0xf8, 0x9e, 0x40, 0xbb, 0xd0, 0x63, 0xb9, 0x43, - 0x68, 0xf9, 0x43, 0x10, 0x28, 0xcf, 0x30, 0x12, 0xc9, 0x94, 0x96, 0xdf, 0x31, 0x6f, 0x4e, 0xf9, - 0x3c, 0x39, 0xad, 0xfc, 0x36, 0x5e, 0x41, 0x2b, 0x7f, 0xd3, 0xf7, 0x31, 0x97, 0xbf, 0x8a, 0xf5, - 0xe2, 0x55, 0x18, 0x3e, 0x34, 0x73, 0x63, 0xe9, 0xee, 0x65, 0x62, 0xcb, 0x41, 0xc7, 0xf5, 0xb5, - 0xdd, 0xf5, 0xbd, 0x86, 0x99, 0x92, 0xa4, 0x07, 0x75, 0x9f, 0x3b, 0x96, 0xb8, 0x49, 0xb6, 0x6a, - 0x67, 0x39, 0xed, 0xe2, 0x6c, 0x8d, 0xb9, 0x33, 0xbd, 0x09, 0xd1, 0xac, 0xf9, 0xea, 0xc3, 0x08, - 0xa0, 0x99, 0x1b, 0xb3, 0x77, 0xb8, 0xcb, 0xc7, 0xbb, 0xb6, 0x52, 0x3a, 0xf7, 0x73, 0xf8, 0x1b, - 0xc0, 0x72, 0x82, 0xde, 0xe1, 0xef, 0x13, 0x28, 0x27, 0xbe, 0x6e, 0xaf, 0x86, 
0xf2, 0x07, 0x79, - 0xf6, 0x94, 0x67, 0xb5, 0x21, 0xfe, 0xf5, 0xc4, 0x3e, 0x57, 0xf7, 0x98, 0x3e, 0x0a, 0x3e, 0x2d, - 0xbe, 0x50, 0x9a, 0x87, 0x1b, 0x19, 0x5a, 0xb1, 0xb3, 0x27, 0x8b, 0xf1, 0x15, 0xd4, 0x12, 0x1e, - 0xf9, 0x2f, 0xd4, 0x38, 0x5e, 0x5b, 0x6c, 0xe1, 0x27, 0x61, 0x56, 0x39, 0x5e, 0x4f, 0x16, 0x7e, - 0x5c, 0x55, 0xb9, 0xdb, 0x90, 0xdf, 0xc6, 0x9f, 0x1a, 0xb4, 0xf2, 0x4f, 0x00, 0xd2, 0x03, 0xf0, - 0xb3, 0x4d, 0x9d, 0xb8, 0xed, 0x14, 0x77, 0xb8, 0x99, 0xd3, 0xb8, 0xf7, 0x14, 0xd8, 0x81, 0x7a, - 0x36, 0x03, 0x55, 0xaf, 0x67, 0xb4, 0xf1, 0xbb, 0x06, 0x9b, 0x2b, 0xb3, 0xf4, 0xae, 0x1e, 0xb9, - 0xaf, 0xe3, 0x47, 0xd0, 0x71, 0xb9, 0x65, 0xe3, 0xcc, 0xa3, 0x11, 0x15, 0x6e, 0xc0, 0xe4, 0x8d, - 0xd4, 0xcd, 0xb6, 0xcb, 0x07, 0x4b, 0xa6, 0xf1, 0x0d, 0xd4, 0x53, 0x74, 0x9c, 0x49, 0x97, 0xcd, - 0xf2, 0x99, 0x74, 0xd9, 0x2c, 0xce, 0x64, 0x2e, 0xc5, 0x6b, 0xf9, 0x14, 0x1b, 0x57, 0xb0, 0xb9, - 0xf2, 0x3a, 0x22, 0x2f, 0xa0, 0xcb, 0xd1, 0xbb, 0x92, 0x6b, 0x31, 0xf2, 0x95, 0x6f, 0xad, 0x18, - 0x70, 0x56, 0xa5, 0x1b, 0xb1, 0xe6, 0xe9, 0x52, 0x31, 0x2e, 0xb9, 0x37, 0x2c, 0xf8, 0x95, 0xc9, - 0xd2, 0x6a, 0x99, 0x8a, 0x30, 0x2e, 0x81, 0xac, 0xbe, 0xa7, 0xc8, 0x63, 0xa8, 0xc8, 0xe7, 0xdb, - 0x9d, 0x13, 0x51, 0x89, 0x65, 0xab, 0x20, 0xb5, 0xdf, 0xd3, 0x2a, 0x48, 0x6d, 0xe3, 0x47, 0xa8, - 0x2a, 0x1f, 0xf1, 0x9d, 0x61, 0xe1, 0x7d, 0x6b, 0x66, 0xf4, 0x7b, 0xdb, 0xfc, 0xf6, 0x89, 0x6f, - 0xd4, 0xa0, 0x22, 0x9f, 0x37, 0xc6, 0x4f, 0x40, 0x56, 0x97, 0x38, 0x31, 0xe4, 0xde, 0x8f, 0x84, - 0x55, 0xac, 0xe2, 0xa6, 0x64, 0x5e, 0xa8, 0x52, 0xfe, 0x08, 0x9a, 0xc8, 0x6c, 0xab, 0x78, 0x09, - 0x0d, 0x64, 0xb6, 0x92, 0x1b, 0x47, 0xb0, 0x75, 0xcb, 0x6a, 0x27, 0xfb, 0x50, 0x4f, 0x1a, 0x26, - 0xdd, 0x1a, 0x2b, 0x1d, 0x95, 0x29, 0x7c, 0xf6, 0x2d, 0x34, 0x73, 0x4d, 0xfa, 0xee, 0xf6, 0x6d, - 0x43, 0xe3, 0xe8, 0xe5, 0xd9, 0xf1, 0x0f, 0xd6, 0xf8, 0xe2, 0xa4, 0xab, 0xc5, 0x4b, 0xf6, 0x74, - 0x30, 0x9c, 0x4c, 0x4f, 0xa7, 0xaf, 0x25, 0x67, 0xed, 0xf0, 0x17, 0xa8, 0xaa, 0x21, 0x49, 0x9e, - 0x43, 0x4b, 0x7d, 
0x5d, 0x88, 0x08, 0xa9, 0x4f, 0x56, 0x12, 0xbe, 0xb3, 0xc2, 0x31, 0x4a, 0x7b, - 0xda, 0x53, 0x8d, 0x3c, 0x86, 0xf2, 0xb9, 0xcb, 0x1c, 0x52, 0x7c, 0x16, 0xee, 0x14, 0x49, 0xa3, - 0x74, 0xf4, 0xf9, 0xcf, 0xfb, 0x8e, 0x2b, 0xe6, 0x8b, 0xcb, 0xde, 0x2c, 0xf0, 0x0f, 0xe6, 0x37, - 0x21, 0x46, 0x1e, 0xda, 0x0e, 0x46, 0x07, 0x57, 0xf4, 0x32, 0x72, 0x67, 0x07, 0xf2, 0x8f, 0x8c, - 0x1f, 0x28, 0xd8, 0x65, 0x55, 0x92, 0xcf, 0xfe, 0x09, 0x00, 0x00, 0xff, 0xff, 0x85, 0x3e, 0x53, - 0xef, 0xb8, 0x0d, 0x00, 0x00, + // 1366 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x57, 0xdd, 0x6f, 0xdc, 0x44, + 0x10, 0x3f, 0x27, 0xf7, 0x39, 0xf7, 0x91, 0xcb, 0x26, 0x05, 0x13, 0x2a, 0x88, 0x2c, 0x5a, 0x05, + 0x52, 0x2e, 0x55, 0xca, 0x47, 0xa5, 0x82, 0xd0, 0x25, 0x77, 0xe4, 0x22, 0x7a, 0x49, 0xe4, 0xa4, + 0x82, 0xf2, 0x62, 0x6d, 0xce, 0x13, 0x9f, 0xa9, 0xbd, 0x76, 0xbc, 0x7b, 0x85, 0x3c, 0x22, 0xde, + 0x78, 0xe1, 0x95, 0x3f, 0x17, 0x79, 0xd7, 0xf6, 0xd9, 0x75, 0x52, 0xa9, 0x95, 0x78, 0xf3, 0x7c, + 0xfc, 0x66, 0x66, 0x67, 0xe7, 0x63, 0x0d, 0x9b, 0x4e, 0xc0, 0xb9, 0x1b, 0xee, 0xf9, 0xc8, 0x39, + 0x75, 0x70, 0x10, 0x46, 0x81, 0x08, 0x48, 0x5d, 0x71, 0x8d, 0xbf, 0x34, 0x68, 0x8e, 0xd9, 0x6b, + 0xf4, 0x82, 0x10, 0x89, 0x0e, 0x8d, 0x90, 0xde, 0x78, 0x01, 0xb5, 0x75, 0x6d, 0x5b, 0xdb, 0xe9, + 0x98, 0x29, 0x49, 0xee, 0x43, 0x8b, 0xbb, 0x0e, 0xa3, 0x62, 0x11, 0xa1, 0xbe, 0x22, 0x65, 0x4b, + 0x06, 0xf9, 0x01, 0xd6, 0x38, 0xce, 0x22, 0x14, 0x16, 0x26, 0xa6, 0xf4, 0xd5, 0x6d, 0x6d, 0xa7, + 0xbd, 0xff, 0xc1, 0x40, 0xb9, 0x19, 0x9c, 0x4b, 0x71, 0xea, 0xc8, 0xec, 0xf1, 0x02, 0x6d, 0x4c, + 0xa0, 0x57, 0xd4, 0x78, 0xdf, 0x50, 0x8c, 0x21, 0xd4, 0x95, 0x25, 0xf2, 0x08, 0xfa, 0x2e, 0x13, + 0x18, 0x31, 0xea, 0x8d, 0x99, 0x1d, 0x06, 0x2e, 0x13, 0xd2, 0x54, 0x6b, 0x52, 0x31, 0x4b, 0x92, + 0x83, 0x16, 0x34, 0x66, 0x01, 0x13, 0xc8, 0x84, 0xf1, 0x6f, 0x0b, 0xba, 0x47, 0x32, 0xec, 0xa9, + 0x4a, 0x19, 0xd9, 0x84, 0x1a, 0x0b, 0xd8, 0x0c, 0x25, 0xbe, 0x6a, 0x2a, 
0x22, 0x0e, 0x71, 0x36, + 0xa7, 0x8c, 0xa1, 0x97, 0x84, 0x91, 0x92, 0x64, 0x17, 0x56, 0x05, 0x75, 0x64, 0x0e, 0x7a, 0xfb, + 0x1f, 0xa5, 0x39, 0x28, 0xd8, 0x1c, 0x5c, 0x50, 0xc7, 0x8c, 0xb5, 0xc8, 0x13, 0x68, 0x51, 0xcf, + 0x7d, 0x8d, 0x96, 0xcf, 0x1d, 0xbd, 0x26, 0xd3, 0xb6, 0x99, 0x42, 0x86, 0xb1, 0x20, 0x41, 0x4c, + 0x2a, 0x66, 0x53, 0x2a, 0x4e, 0xb9, 0x43, 0xbe, 0x82, 0x86, 0x8f, 0xbe, 0x15, 0xe1, 0xb5, 0x5e, + 0x97, 0x90, 0xcc, 0xcb, 0x14, 0xfd, 0x4b, 0x8c, 0xf8, 0xdc, 0x0d, 0x4d, 0xbc, 0x5e, 0x20, 0x17, + 0x93, 0x8a, 0x59, 0xf7, 0xd1, 0x37, 0xf1, 0x9a, 0x7c, 0x9d, 0xa2, 0xb8, 0xde, 0x90, 0xa8, 0xad, + 0xdb, 0x50, 0x3c, 0x0c, 0x18, 0xc7, 0x0c, 0xc6, 0xc9, 0x63, 0x68, 0xda, 0x54, 0x50, 0x19, 0x60, + 0x53, 0xe2, 0x36, 0x52, 0xdc, 0x88, 0x0a, 0xba, 0x8c, 0xaf, 0x11, 0xab, 0xc5, 0xe1, 0xed, 0x42, + 0x6d, 0x8e, 0x9e, 0x17, 0xe8, 0xad, 0xa2, 0xba, 0x4a, 0xc1, 0x24, 0x16, 0x4d, 0x2a, 0xa6, 0xd2, + 0x21, 0x7b, 0x89, 0x79, 0xdb, 0x75, 0x74, 0x90, 0xfa, 0x24, 0x6f, 0x7e, 0xe4, 0x3a, 0xea, 0x14, + 0xd2, 0xfa, 0xc8, 0x75, 0xb2, 0x78, 0xe2, 0xd3, 0xb7, 0xcb, 0xf1, 0x2c, 0xcf, 0x2d, 0x11, 0xea, + 0xe0, 0x6d, 0x89, 0x58, 0x84, 0x36, 0x15, 0xa8, 0x77, 0xca, 0x5e, 0x5e, 0x48, 0xc9, 0xa4, 0x62, + 0x82, 0x9d, 0x51, 0xe4, 0x01, 0xd4, 0xd0, 0x0f, 0xc5, 0x8d, 0xde, 0x95, 0x80, 0x6e, 0x0a, 0x18, + 0xc7, 0xcc, 0xf8, 0x00, 0x52, 0x4a, 0x76, 0xa1, 0x3a, 0x0b, 0x18, 0xd3, 0x7b, 0x52, 0xeb, 0x5e, + 0xaa, 0x75, 0x18, 0x30, 0x36, 0xe6, 0x82, 0x5e, 0x7a, 0x2e, 0x9f, 0x4f, 0x2a, 0xa6, 0x54, 0x22, + 0xfb, 0x00, 0x5c, 0x50, 0x81, 0x96, 0xcb, 0xae, 0x02, 0x7d, 0x4d, 0x42, 0xd6, 0xb3, 0x36, 0x89, + 0x25, 0xc7, 0xec, 0x2a, 0xce, 0x4e, 0x8b, 0xa7, 0x04, 0x39, 0x80, 0x9e, 0xc2, 0x70, 0x46, 0x43, + 0x3e, 0x0f, 0x84, 0xde, 0x2f, 0x5e, 0x7a, 0x86, 0x3b, 0x4f, 0x14, 0x26, 0x15, 0xb3, 0x2b, 0x21, + 0x29, 0x83, 0x4c, 0x61, 0x63, 0xe9, 0xd7, 0x0a, 0x17, 0x9e, 0x27, 0xf3, 0xb7, 0x2e, 0x0d, 0xdd, + 0x2f, 0x19, 0x3a, 0x5b, 0x78, 0xde, 0x32, 0x91, 0x7d, 0xfe, 0x06, 0x9f, 0x0c, 0x41, 0xd9, 0x8f, + 0x8d, 0xc4, 
0x4a, 0x3a, 0x29, 0x16, 0x94, 0x89, 0x7e, 0x20, 0x50, 0x9a, 0x5b, 0x9a, 0xe9, 0xf0, + 0x1c, 0x4d, 0x46, 0xe9, 0xa9, 0xa2, 0xa4, 0xe4, 0xf4, 0x0d, 0x69, 0xe3, 0xe3, 0x5b, 0x6d, 0x64, + 0x55, 0xd9, 0xe5, 0x79, 0x46, 0x9c, 0x1b, 0x0f, 0xa9, 0xad, 0x8a, 0x57, 0x96, 0xe8, 0x66, 0x31, + 0x37, 0xcf, 0x33, 0xe9, 0xb2, 0x50, 0xbb, 0x4b, 0x48, 0x5c, 0xae, 0xcf, 0xa0, 0x1b, 0x22, 0x46, + 0x96, 0x6b, 0x23, 0x13, 0xae, 0xb8, 0xd1, 0xef, 0x15, 0xdb, 0xf0, 0x0c, 0x31, 0x3a, 0x4e, 0x64, + 0xf1, 0x31, 0xc2, 0x1c, 0x6d, 0x58, 0xb0, 0x7a, 0x41, 0x1d, 0xd2, 0x85, 0xd6, 0x8b, 0x93, 0xd1, + 0xf8, 0xc7, 0xe3, 0x93, 0xf1, 0xa8, 0x5f, 0x21, 0x2d, 0xa8, 0x8d, 0xa7, 0x67, 0x17, 0x2f, 0xfb, + 0x1a, 0xe9, 0x40, 0xf3, 0xd4, 0x3c, 0xb2, 0x4e, 0x4f, 0x9e, 0xbf, 0xec, 0xaf, 0xc4, 0x7a, 0x87, + 0x93, 0xe1, 0x89, 0x22, 0x57, 0x49, 0x1f, 0x3a, 0x92, 0x1c, 0x9e, 0x8c, 0xac, 0x53, 0xf3, 0xa8, + 0x5f, 0x25, 0x6b, 0xd0, 0x56, 0x0a, 0xa6, 0x64, 0xd4, 0xf2, 0xa3, 0xe9, 0x1f, 0x0d, 0x5a, 0xd9, + 0x15, 0x91, 0x2d, 0x68, 0xfa, 0x28, 0x68, 0x5c, 0xb0, 0xc9, 0x90, 0xcc, 0x68, 0x32, 0x80, 0x96, + 0x70, 0x7d, 0xe4, 0x82, 0xfa, 0xa1, 0x1c, 0x4f, 0xed, 0xfd, 0x7e, 0xfe, 0x38, 0x17, 0xae, 0x8f, + 0xe6, 0x52, 0x85, 0xdc, 0x83, 0x7a, 0xf8, 0xca, 0xb5, 0x5c, 0x5b, 0x4e, 0xad, 0x8e, 0x59, 0x0b, + 0x5f, 0xb9, 0xc7, 0x36, 0xf9, 0x14, 0xda, 0xc9, 0x50, 0xb3, 0xa6, 0xc3, 0x43, 0xbd, 0x2a, 0x65, + 0x90, 0xb0, 0xa6, 0xc3, 0x43, 0x63, 0x08, 0xeb, 0xa5, 0xe2, 0x23, 0x8f, 0xa0, 0x89, 0x1e, 0xfa, + 0xc8, 0x04, 0xd7, 0xb5, 0xed, 0xd5, 0xbc, 0xef, 0x6c, 0x05, 0x64, 0x1a, 0xc6, 0xb7, 0xb0, 0x79, + 0x5b, 0xd9, 0xbd, 0xe9, 0x5b, 0x2b, 0xf9, 0xbe, 0x82, 0x6e, 0xa1, 0xc7, 0x72, 0x87, 0xd0, 0xf2, + 0x87, 0xd8, 0x82, 0x66, 0x76, 0xb3, 0x6a, 0x52, 0x67, 0x34, 0x31, 0xa0, 0x2b, 0x3c, 0x6e, 0xcd, + 0x30, 0x12, 0xd6, 0x9c, 0xf2, 0x79, 0x72, 0xfc, 0xb6, 0xf0, 0xf8, 0x21, 0x46, 0x62, 0x42, 0xf9, + 0xdc, 0x78, 0x01, 0x9d, 0x7c, 0x05, 0xdc, 0xe5, 0x86, 0x40, 0x35, 0x36, 0x93, 0xb8, 0x90, 0xdf, + 0x85, 0x2b, 0x5a, 0x2d, 0x5e, 0x91, 0xe1, 0x43, 
0x3b, 0x37, 0xae, 0xee, 0x5e, 0x32, 0xb6, 0x1c, + 0x80, 0x5c, 0x5f, 0xd9, 0x5e, 0xdd, 0x69, 0x99, 0x29, 0x49, 0x06, 0xd0, 0xf4, 0xb9, 0x63, 0x89, + 0x9b, 0x64, 0xdb, 0xf6, 0x96, 0x53, 0x30, 0xce, 0xe2, 0x94, 0x3b, 0x17, 0x37, 0x21, 0x9a, 0x0d, + 0x5f, 0x7d, 0x18, 0x01, 0xb4, 0x73, 0xe3, 0xf7, 0x0e, 0x77, 0xf9, 0x78, 0x57, 0x4a, 0x25, 0xf5, + 0x6e, 0x0e, 0xff, 0x00, 0x58, 0x4e, 0xd6, 0x3b, 0xfc, 0x7d, 0x06, 0xd5, 0xc4, 0xd7, 0xed, 0x55, + 0x52, 0x7d, 0x2f, 0xcf, 0x9e, 0xf2, 0xac, 0x36, 0xc7, 0xff, 0x9e, 0xd8, 0xa7, 0xea, 0x1e, 0xd3, + 0xc7, 0xc2, 0xe7, 0xc5, 0x97, 0x4b, 0x7b, 0x7f, 0x2d, 0x43, 0x2b, 0x76, 0xf6, 0x94, 0x31, 0xbe, + 0x81, 0x46, 0xc2, 0x23, 0x1f, 0x42, 0x83, 0xe3, 0xb5, 0xc5, 0x16, 0x7e, 0x12, 0x66, 0x9d, 0xe3, + 0xf5, 0xc9, 0xc2, 0x8f, 0xab, 0x2a, 0x77, 0x1b, 0xf2, 0xdb, 0xf8, 0x5b, 0x83, 0x4e, 0xfe, 0x69, + 0x40, 0x06, 0x00, 0x7e, 0xb6, 0xc1, 0x13, 0xb7, 0xbd, 0xe2, 0x6e, 0x37, 0x73, 0x1a, 0xef, 0x3c, + 0x1d, 0xf2, 0x1d, 0x54, 0x2d, 0x76, 0x90, 0xf1, 0xa7, 0x06, 0xeb, 0xa5, 0x19, 0x7b, 0x57, 0x8f, + 0xbc, 0xab, 0xe3, 0x07, 0xd0, 0x73, 0xb9, 0x65, 0xe3, 0xcc, 0xa3, 0x11, 0x15, 0x6e, 0xc0, 0xe4, + 0x8d, 0x34, 0xcd, 0xae, 0xcb, 0x47, 0x4b, 0xa6, 0xf1, 0x1d, 0x34, 0x53, 0x74, 0x9c, 0x49, 0x97, + 0xcd, 0xf2, 0x99, 0x74, 0xd9, 0x2c, 0xce, 0x64, 0x2e, 0xc5, 0x2b, 0xf9, 0x14, 0x1b, 0x57, 0xb0, + 0x5e, 0x7a, 0x35, 0x91, 0x67, 0xd0, 0xe7, 0xe8, 0x5d, 0xc9, 0x75, 0x19, 0xf9, 0xca, 0xb7, 0x56, + 0x0c, 0x38, 0xab, 0xd2, 0xb5, 0x58, 0xf3, 0x78, 0xa9, 0x18, 0x97, 0xdc, 0x2b, 0x16, 0xfc, 0xce, + 0x64, 0x69, 0x75, 0x4c, 0x45, 0x18, 0x97, 0x40, 0xca, 0xef, 0x2c, 0xf2, 0x10, 0x6a, 0xf2, 0x59, + 0x77, 0xe7, 0xa4, 0x54, 0x62, 0xd9, 0x2a, 0x48, 0xed, 0xb7, 0xb4, 0x0a, 0x52, 0xdb, 0xf8, 0x19, + 0xea, 0xca, 0x47, 0x7c, 0x67, 0x58, 0x78, 0xf7, 0x9a, 0x19, 0xfd, 0xd6, 0x36, 0xbf, 0x7d, 0x13, + 0x18, 0x0d, 0xa8, 0xc9, 0x67, 0x8f, 0xf1, 0x0b, 0x90, 0xf2, 0x72, 0x8f, 0xe7, 0x28, 0x17, 0x34, + 0x12, 0x56, 0xb1, 0x8a, 0xdb, 0x92, 0x79, 0xae, 0x4a, 0xf9, 0x13, 0x68, 0x23, 0xb3, 
0xad, 0xe2, + 0x25, 0xb4, 0x90, 0xd9, 0x4a, 0x6e, 0x1c, 0xc0, 0xc6, 0x2d, 0x2b, 0x9f, 0xec, 0x42, 0x33, 0x69, + 0x98, 0x74, 0x9b, 0x94, 0x3a, 0x2a, 0x53, 0xf8, 0xe2, 0x7b, 0x68, 0xe7, 0x9a, 0xf4, 0xcd, 0xad, + 0xdc, 0x85, 0xd6, 0xc1, 0xf3, 0xd3, 0xc3, 0x9f, 0xac, 0xe9, 0xf9, 0x51, 0x5f, 0x8b, 0x97, 0xef, + 0xf1, 0x68, 0x7c, 0x72, 0x71, 0x7c, 0xf1, 0x52, 0x72, 0x56, 0xf6, 0x7f, 0x83, 0xba, 0x1a, 0x92, + 0xe4, 0x29, 0x74, 0xd4, 0xd7, 0xb9, 0x88, 0x90, 0xfa, 0xa4, 0x94, 0xf0, 0xad, 0x12, 0xc7, 0xa8, + 0xec, 0x68, 0x8f, 0x35, 0xf2, 0x10, 0xaa, 0x67, 0x2e, 0x73, 0x48, 0xf1, 0xb9, 0xb8, 0x55, 0x24, + 0x8d, 0xca, 0xc1, 0x97, 0xbf, 0xee, 0x3a, 0xae, 0x98, 0x2f, 0x2e, 0x07, 0xb3, 0xc0, 0xdf, 0x9b, + 0xdf, 0x84, 0x18, 0x79, 0x68, 0x3b, 0x18, 0xed, 0x5d, 0xd1, 0xcb, 0xc8, 0x9d, 0xed, 0xc9, 0x3f, + 0x35, 0xbe, 0xa7, 0x60, 0x97, 0x75, 0x49, 0x3e, 0xf9, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x74, 0x25, + 0x05, 0xf1, 0xd0, 0x0d, 0x00, 0x00, } diff --git a/protos/gossip/message.proto b/protos/gossip/message.proto index e05177556de..192434f12b3 100644 --- a/protos/gossip/message.proto +++ b/protos/gossip/message.proto @@ -153,9 +153,9 @@ message StateInfoPullRequest { // Whenever a peer connects to another peer, it handshakes // with it by sending this message that proves its identity message ConnEstablish { - bytes pki_id = 1; - bytes cert = 2; - bytes hash = 3; + bytes pki_id = 1; + bytes identity = 2; + bytes tls_cert_hash = 3; } // PeerIdentity defines the identity of the peer diff --git a/sampleconfig/core.yaml b/sampleconfig/core.yaml index d220c8e3306..c028aed32ab 100644 --- a/sampleconfig/core.yaml +++ b/sampleconfig/core.yaml 
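Review bot: `identity` and `tls_cert_hash` in `ConnEstablish` reuse tags 2 and 3 from `cert` and `hash` but carry no field comments, so the message no longer says what a receiver is expected to verify. The names suggest field 3 is now a digest of the sender's TLS certificate, meant to tie the signed handshake to the TLS session. If that is right, state it on the field, e.g. `// tls_cert_hash is the hash of the sender's TLS certificate; the receiver compares it with the certificate seen on the connection`, and give `identity` a one-line comment naming its encoding. Because the tags are unchanged, a peer built before this change would presumably still fill 2 and 3 with the old meaning, so the commit description should say how a mixed-version handshake is expected to fail.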
@@ -141,10 +141,6 @@ peer:
 # This is an endpoint that is published to peers outside of the organization.
 # If this isn't set, the peer will not be known to other organizations.
 externalEndpoint:
- # Makes gossip skip verification of remote peer signature when performing
- # the authentication handshake with remote peers
- skipHandshake: false
-
 # Leader election service configuration
 election:
 # Longest time peer wait for stable membership during leader election startup (unit: second)