Hyperledger fabric Hyperledger结构CA在启用TLS时向节点SDK发布错误的证书（错误的颁发者）

我想将我的网络从1个订购者扩展到3个订购者，通过这样做，我需要启用Raft，这需要启用TLS。 我做到了，一切都正常工作，订购者正确地选择领导者和追随者，cli使用TLS与网络交互，等等。我还使用cli查询了链码。 我没有启用clientAuth，因为我对相互TLS不感兴趣，对我来说，让3个订购者互相交谈就可以了，我现在只想进行查询，我可以从cli进行查询，但不能从Node SDK进行查询

当我简单地将SDK连接到：

gateway = new Gateway();
await gateway.connect(ccp, { wallet, identity: 'user1', discovery: { enabled: false }});
const network = await gateway.getNetwork(channelName);
contract = network.getContract('traceability');

我得到的是：

Error: Failed to discover local peers ::Error: Failed to connect before the deadline URL:grpcs://localhost:7051

我查看了peer1的内部，我正在尝试连接它，错误是：

2019-12-17 13:44:53.465 UTC [core.comm] ServerHandshake -> ERRO 0bd TLS handshake failed with error EOF server=PeerServer remoteaddress=172.23.0.1:36174

经过几次尝试后，我无法解决这个问题，但我在证书中发现了一些非常奇怪的东西，这使我认为它们没有正确生成。 如果我检查在我的第一个网络中生成的证书，我将对其进行解码，得到以下结果：

-----BEGIN CERTIFICATE-----MIICjzCCAjWgAwIBAgIUbEu5crMvBdY73wBFhOI/3uSi5gIwCgYIKoZIzj0EAwIwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTkwNzE5MDgzODAwWhcNMjAwNzE4MDg0MzAwWjBCMTAwDQYDVQQLEwZjbGllbnQwCwYDVQQLEwRvcmcxMBIGA1UECxMLZGVwYXJ0bWVudDExDjAMBgNVBAMTBXVzZXIxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEM25kseg3ybw0/F2dbwJznq3SKXQ2LRpiHnIGBDhiYVBpV2bgpzPfw1XbD5U+Ea4xwKLFJgoRFSjZWRaEe1vazaOB1zCB1DAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzFVc46aR76s9R9fWIXlbKwrHf9gwKwYDVR0jBCQwIoAgdjzlEttw+/yR/81K0B0HTToBKuJIikLbsaR6nOiJXegwaAYIKgMEBQYHCAEEXHsiYXR0cnMiOnsiaGYuQWZmaWxpYXRpb24iOiJvcmcxLmRlcGFydG1lbnQxIiwiaGYuRW5yb2xsbWVudElEIjoidXNlcjEiLCJoZi5UeXBlIjoiY2xpZW50In19MAoGCCqGSM49BAMCA0gAMEUCIQCEsV9tzuGPybSaOPqZKWD5jxZIHCEiTmSUHxdmB1wXBgIgOg5j9/BbVLR0oPkwndB+8aL94CDk6KpCHwxyF/c042c=-----END CERTIFICATE-----

Common Name: user1
Organization Unit: client
Valid From: July 19, 2019
Valid To: July 18, 2020
Issuer: ca.org1.example.com, org1.example.com

-----BEGIN CERTIFICATE-----MIICXTCCAgSgAwIBAgIUazdK1QSe9HcoSmMJbrisPZwoCXEwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTkxMjE3MTEwODAwWhcNMjAxMjE2MTExMzAwWjAhMQ8wDQYDVQQLEwZjbGllbnQxDjAMBgNVBAMTBXVzZXIxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeb/0Rt9MW4yJF6/Vcai0hWf8Feeo/QJP9jUbUH00bs0nWNjN42M6v3BpWpUuK2v/8vQ9jyklGxqSejIWnF3OFaOBuzCBuDAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUNs4wu9T0QTxt16CT0NIawbZyOWgwHwYDVR0jBBgwFoAUF2dCPaqegj/ExR2fW8OZ0bWcSBAwWAYIKgMEBQYHCAEETHsiYXR0cnMiOnsiaGYuQWZmaWxpYXRpb24iOiIiLCJoZi5FbnJvbGxtZW50SUQiOiJ1c2VyMSIsImhmLlR5cGUiOiJjbGllbnQifX0wCgYIKoZIzj0EAwIDRwAwRAIgTATSxbQ2VSuNbFbT6k+e01xH/BnbtJTD0YojDHwU0EQCIGLfhELq6h0jbWi2J0dQKtGViI6BF/XgC2ooP2XRgf61-----END CERTIFICATE-----

Common Name: user1
Organization Unit: client
Valid From: December 17, 2019
Valid To: December 16, 2020
Issuer: example.com, Internet Widgets, Inc.

因此，正如您从这里看到的，这个证书似乎一切正常，让我记住，这是在第一个未启用TLS的网络中生成的

如果我现在使用TLS检查网络中生成的证书，我会得到以下结果：

-----BEGIN CERTIFICATE-----MIICjzCCAjWgAwIBAgIUbEu5crMvBdY73wBFhOI/3uSi5gIwCgYIKoZIzj0EAwIwczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTkwNzE5MDgzODAwWhcNMjAwNzE4MDg0MzAwWjBCMTAwDQYDVQQLEwZjbGllbnQwCwYDVQQLEwRvcmcxMBIGA1UECxMLZGVwYXJ0bWVudDExDjAMBgNVBAMTBXVzZXIxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEM25kseg3ybw0/F2dbwJznq3SKXQ2LRpiHnIGBDhiYVBpV2bgpzPfw1XbD5U+Ea4xwKLFJgoRFSjZWRaEe1vazaOB1zCB1DAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzFVc46aR76s9R9fWIXlbKwrHf9gwKwYDVR0jBCQwIoAgdjzlEttw+/yR/81K0B0HTToBKuJIikLbsaR6nOiJXegwaAYIKgMEBQYHCAEEXHsiYXR0cnMiOnsiaGYuQWZmaWxpYXRpb24iOiJvcmcxLmRlcGFydG1lbnQxIiwiaGYuRW5yb2xsbWVudElEIjoidXNlcjEiLCJoZi5UeXBlIjoiY2xpZW50In19MAoGCCqGSM49BAMCA0gAMEUCIQCEsV9tzuGPybSaOPqZKWD5jxZIHCEiTmSUHxdmB1wXBgIgOg5j9/BbVLR0oPkwndB+8aL94CDk6KpCHwxyF/c042c=-----END CERTIFICATE-----

Common Name: user1
Organization Unit: client
Valid From: July 19, 2019
Valid To: July 18, 2020
Issuer: ca.org1.example.com, org1.example.com

-----BEGIN CERTIFICATE-----MIICXTCCAgSgAwIBAgIUazdK1QSe9HcoSmMJbrisPZwoCXEwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTkxMjE3MTEwODAwWhcNMjAxMjE2MTExMzAwWjAhMQ8wDQYDVQQLEwZjbGllbnQxDjAMBgNVBAMTBXVzZXIxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeb/0Rt9MW4yJF6/Vcai0hWf8Feeo/QJP9jUbUH00bs0nWNjN42M6v3BpWpUuK2v/8vQ9jyklGxqSejIWnF3OFaOBuzCBuDAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUNs4wu9T0QTxt16CT0NIawbZyOWgwHwYDVR0jBBgwFoAUF2dCPaqegj/ExR2fW8OZ0bWcSBAwWAYIKgMEBQYHCAEETHsiYXR0cnMiOnsiaGYuQWZmaWxpYXRpb24iOiIiLCJoZi5FbnJvbGxtZW50SUQiOiJ1c2VyMSIsImhmLlR5cGUiOiJjbGllbnQifX0wCgYIKoZIzj0EAwIDRwAwRAIgTATSxbQ2VSuNbFbT6k+e01xH/BnbtJTD0YojDHwU0EQCIGLfhELq6h0jbWi2J0dQKtGViI6BF/XgC2ooP2XRgf61-----END CERTIFICATE-----

Common Name: user1
Organization Unit: client
Valid From: December 17, 2019
Valid To: December 16, 2020
Issuer: example.com, Internet Widgets, Inc.

你会同意这看起来很奇怪。 我的ca已经联系过了，在日志中，管理员和用户都说enroll 200 OK，但似乎发卡机构完全不同，它不是我的ca。 这与启用TLS类似，节点SDK正在生成默认证书，因此我无法联系我的对等方，因为我没有通过TLS的身份验证

---

如何解决这个问题？

我对这里的一些细节感到有点困惑，但如果您不是在本地计算机上以测试网络的形式运行它，那么您需要将discovery.asLocalhost的值指定为false，因为它默认设置为true

gateway = new Gateway();
await gateway.connect(ccp, { wallet, identity: 'user1', discovery: { enabled: false, asLocalhost: false }});
const network = await gateway.getNetwork(channelName);
contract = network.getContract('traceability');