[mock-orderer] common-root-cas workaround fix#402
Closed
dean-amar wants to merge 15 commits into
Closed
Conversation
… right orderer orgs and their root CAs properly. For testing, we initialize the ordererconn with static root CAs from the first organizationMaterials we get which imitate YAMLs. So thats not good, because if we ever set from the yaml and not config-block it will be accepted as long as the service lives. Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
dean-amar
added
documentation
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
dean-amar
requested review from
cendhu and
liran-funaro
and removed request for
liran-funaro
dean-amar
changed the title
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
…ns before initializing the connection manager. Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
…testing logic. Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
…ed redundant information. Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Contributor
|
This PR is on hold until we make meaningful progress on PR |
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Contributor
Author
This PR is now ready for review. |
Contributor
|
@dean-amar please rebase |
Signed-off-by: Dean Amar <Dean.Amar@ibm.com>
Contributor
Author
Done. |
liran-funaro
requested changes
Mar 23, 2026
Contributor
liran-funaro
left a comment
liran-funaro
left a comment
There was a problem hiding this comment.
This PR doesn't really removes the common CA paths, it just moves it to another configuration area, disguising it under the organization's root CAs.
In practice, it uses the organizations' root CAs as a the common root CAs.
We should aim to remove the use of the static root CAs.
Contributor
Author
|
Since this PR and #427 edit some of the same files, and the latter introduces a completely new code architecture, I'll wait for it to be merged. |
Contributor
|
@dean-amar #427 was merged. You can rebase. |
dean-amar
changed the title
Contributor
Author
|
I’m closing this PR. The reason is explained in #339. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of change
Description
Removes the temporary common-ca-cert-paths configuration field and implements proper handling of root CA certificates. Static CA certificates from the initial YAML configuration are now preserved in the ConnectionManager and appended to all organizations' CA certificates during config block updates.
Related issues