Skip to content

Commit

Permalink
Ignore expired CA/TLS CA certs on msp init
Browse files Browse the repository at this point in the history
This is a picked commit from

hyperledger/fabric#3249.

Fix the issue that expired certs can block using sdk.

Change-Id: Idff5f8913c772a51844b4b4d39adbfccb28d5bec
Signed-off-by: Baohua Yang <yangbaohua@gmail.com>
  • Loading branch information
yeasy committed Mar 10, 2023
1 parent 7af45ce commit d20f5b8
Showing 1 changed file with 1 addition and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -467,6 +467,7 @@ func (msp *bccspmsp) setupTLSCAs(conf *m.FabricMSPConfig) error {
return errors.WithMessagef(err, "CA Certificate problem with Subject Key Identifier extension, (SN: %x)", cert.SerialNumber)
}

opts.CurrentTime = cert.NotBefore.Add(time.Second)
if err := msp.validateTLSCAIdentity(cert, opts); err != nil {
return errors.WithMessagef(err, "CA Certificate is not valid, (SN: %s)", cert.SerialNumber)
}
Expand Down

0 comments on commit d20f5b8

Please sign in to comment.