[FAB-5845] Separate trusted roots upon join channel

The current code assumes that the application orgs and the orderer orgs are separate, but a peer and an orderer may be in the same org and then this code might not (for example) populate the orderer TLS root CA certs. The implication, is that a peer might not be able to connect to an orderer. Change-Id: Ia19a45b42837d223282ce15402ebd5b4a3cb121b Signed-off-by: yacovm <[email protected]> (cherry picked from commit cf82b4e) Signed-off-by: Gari Singh <[email protected]>
hyperledger · Aug 28, 2017 · 650fb6b · 650fb6b
1 parent 1c56557
commit 650fb6b
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/core/peer/peer.go b/core/peer/peer.go
@@ -382,14 +382,22 @@ func buildTrustedRootsForChain(cm configtxapi.Manager) {
 	appRootCAs := [][]byte{}
 	ordererRootCAs := [][]byte{}
 	appOrgMSPs := make(map[string]struct{})
-	ac, ok := cm.ApplicationConfig()
-	if ok {
+	ordOrgMSPs := make(map[string]struct{})
+
+	if ac, ok := cm.ApplicationConfig(); ok {
 		//loop through app orgs and build map of MSPIDs
 		for _, appOrg := range ac.Organizations() {
 			appOrgMSPs[appOrg.MSPID()] = struct{}{}
 		}
 	}
 
+	if ac, ok := cm.OrdererConfig(); ok {
+		//loop through orderer orgs and build map of MSPIDs
+		for _, ordOrg := range ac.Organizations() {
+			ordOrgMSPs[ordOrg.MSPID()] = struct{}{}
+		}
+	}
+
 	cid := cm.ChainID()
 	peerLogger.Debugf("updating root CAs for channel [%s]", cid)
 	msps, err := cm.MSPManager().GetMSPs()
@@ -405,7 +413,9 @@ func buildTrustedRootsForChain(cm configtxapi.Manager) {
 					if _, ok := appOrgMSPs[k]; ok {
 						peerLogger.Debugf("adding app root CAs for MSP [%s]", k)
 						appRootCAs = append(appRootCAs, root)
-					} else {
+					}
+					// check to see of this is an orderer org MSP
+					if _, ok := ordOrgMSPs[k]; ok {
 						peerLogger.Debugf("adding orderer root CAs for MSP [%s]", k)
 						ordererRootCAs = append(ordererRootCAs, root)
 					}
@@ -415,7 +425,9 @@ func buildTrustedRootsForChain(cm configtxapi.Manager) {
 					if _, ok := appOrgMSPs[k]; ok {
 						peerLogger.Debugf("adding app root CAs for MSP [%s]", k)
 						appRootCAs = append(appRootCAs, intermediate)
-					} else {
+					}
+					// check to see of this is an orderer org MSP
+					if _, ok := ordOrgMSPs[k]; ok {
 						peerLogger.Debugf("adding orderer root CAs for MSP [%s]", k)
 						ordererRootCAs = append(ordererRootCAs, intermediate)
 					}