You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The peer CLI supports TLS communication with the orderer. It does this
by specifying a -caCert command line flag which specifies the orderer's
TLS CA cert file. However, for certainly deployments such as k8s, it is
not always possible to have the hostname on the TLS cert correctly match
the hostname used to connect to the orderer.
The peer config supports setting the hostname via peer.tls.rootcert.file
and peer.tls.serverhostoverride config variables. However, because the
peer channel commands initialize TLS without the use of these variables,
this CR does not attempt to re-use this logic, and instead adds a new
flag.
The new flag has the name -ordererTLSHostnameOverride
Change-Id: I9cc5ac59803daf633de7e20813905aca53b99a37
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
flags.StringVarP(&orderingEndpoint, "orderer", "o", "", "Ordering service endpoint")
84
85
flags.BoolVarP(&tls, "tls", "", false, "Use TLS when communicating with the orderer endpoint")
85
86
flags.StringVarP(&caFile, "cafile", "", "", "Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint")
87
+
flags.StringVarP(&ordererTLSHostnameOverride, "ordererTLSHostnameOverride", "", "", "The hostname override to use when validating the TLS connection to the orderer.")
86
88
}
87
89
88
90
varflags*pflag.FlagSet
@@ -162,7 +164,7 @@ func InitCmdFactory(isEndorserRequired EndorserRequirement, isOrdererRequired Or
0 commit comments