[FAB-5319] peer cli orderer TLS hostname override
The peer CLI supports TLS communication with the orderer.  It does this
by specifying a -caCert command line flag which specifies the orderer's
TLS CA cert file.  However, for certain deployments such as k8s, it is
not always possible to have the hostname on the TLS cert correctly match
the hostname used to connect to the orderer.

The peer config supports setting the hostname via peer.tls.rootcert.file
and peer.tls.serverhostoverride config variables.  However, because the
peer channel commands initialize TLS without the use of these variables,
this CR does not attempt to re-use this logic, and instead adds a new
flag.

The new flag has the name -ordererTLSHostnameOverride

Change-Id: I9cc5ac59803daf633de7e20813905aca53b99a37
Signed-off-by: Jason Yellick <[email protected]>
Jason Yellick committed Jul 17, 2017
1 parent d9c3202 commit c60d859
Showing 1 changed file with 9 additions and 7 deletions.
16 changes: 9 additions & 7 deletions peer/channel/channel.go
Expand Up @@ -55,12 +55,13 @@ var (
genesisBlockPath string

// create related variables
chainID string
channelTxFile string
orderingEndpoint string
tls bool
caFile string
timeout int
chainID string
channelTxFile string
orderingEndpoint string
tls bool
caFile string
ordererTLSHostnameOverride string
timeout int
)

// Cmd returns the cobra command for Node
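Review bot: ordererTLSHostnameOverride is declared under the "// create related variables" comment with no comment of its own, although it is an orderer connection setting consumed in InitCmdFactory rather than something specific to channel creation. A one-line doc comment saying it is the server name handed to the TLS credentials when validating the orderer certificate would save the next reader from tracing it to its use.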
Expand All @@ -83,6 +84,7 @@ func AddFlags(cmd *cobra.Command) {
flags.StringVarP(&orderingEndpoint, "orderer", "o", "", "Ordering service endpoint")
flags.BoolVarP(&tls, "tls", "", false, "Use TLS when communicating with the orderer endpoint")
flags.StringVarP(&caFile, "cafile", "", "", "Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint")
flags.StringVarP(&ordererTLSHostnameOverride, "ordererTLSHostnameOverride", "", "", "The hostname override to use when validating the TLS connection to the orderer.")
}

var flags *pflag.FlagSet
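Review bot: the usage string for "ordererTLSHostnameOverride" does not say that the flag is only consulted together with --tls and --cafile (the only use in this change sits inside both checks), nor that the orderer certificate is then validated against the override name instead of the host given in --orderer. Both points belong in the help text, since the flag changes which identity the TLS handshake authenticates. Style point: the name is camelCase while the neighbouring flags ("orderer", "tls", "cafile") are all lowercase.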
Expand Down Expand Up @@ -162,7 +164,7 @@ func InitCmdFactory(isEndorserRequired EndorserRequirement, isOrdererRequired Or
// check for TLS
if tls {
if caFile != "" {
creds, err := credentials.NewClientTLSFromFile(caFile, "")
creds, err := credentials.NewClientTLSFromFile(caFile, ordererTLSHostnameOverride)
if err != nil {
return nil, fmt.Errorf("Error connecting to %s due to %s", orderingEndpoint, err)
}
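Review bot: the override is passed to credentials.NewClientTLSFromFile only inside "if tls {" and "if caFile != \"\" {", so in the lines shown a user who sets --ordererTLSHostnameOverride without --tls or without --cafile gets no error and no effect. Suggest rejecting that combination up front: return an error when ordererTLSHostnameOverride is non-empty and either tls is false or caFile is empty. It would also help to log the override when it is non-empty, because the certificate is then checked against that name rather than against orderingEndpoint, and an operator debugging a connection needs to see which name was verified. The commit touches one file and carries no test for the new flag.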