From 4e7f67ca75ca3f7e2fa7601ea572b6d44c55d5dc Mon Sep 17 00:00:00 2001
From: liuyuanmu
Date: Wed, 27 Apr 2022 09:28:48 +0800
Subject: [PATCH] fix gmtls bugs
---
 core | 2 +-
 .../config/application-gw.properties | 36 +++++++++-----
 .../src/main/resources/assembly.xml | 2 +-
 .../config/application-peer.properties | 47 +++++++++----------
 framework | 2 +-
 libs/bft-smart | 2 +-
 libs/httpservice | 2 +-
 libs/utils | 2 +-
 8 files changed, 52 insertions(+), 43 deletions(-)
diff --git a/core b/core
index 2a94f276..5f939ead 160000
--- a/core
+++ b/core
@@ -1 +1 @@
-Subproject commit 2a94f2761eb6a52bd5ca85b80c9fe875c1e1f765
+Subproject commit 5f939eada8afe0c0a10a3b8d8b651b69da728077
diff --git a/deploy/deploy-gateway/src/main/resources/config/application-gw.properties b/deploy/deploy-gateway/src/main/resources/config/application-gw.properties
index b67a9caa..459bb286 100644
--- a/deploy/deploy-gateway/src/main/resources/config/application-gw.properties
+++ b/deploy/deploy-gateway/src/main/resources/config/application-gw.properties
@@ -2,18 +2,30 @@
 server.compression.enabled=true
 server.compression.mime-types=application/json,application/xml,text/html,text/xml,text/plain
-# SSL
-server.ssl.protocol=
-server.ssl.enabled-protocols=
-server.ssl.ciphers=
-server.ssl.key-store=
-server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=
-server.ssl.key-store-password=
-server.ssl.trust-store=
-server.ssl.trust-store-password=
-server.ssl.trust-store-type=JKS
-server.ssl.hostNameVerifier=NO-OP
+# TLS
+#server.ssl.key-store=
+#server.ssl.key-store-type=PKCS12
+#server.ssl.key-alias=
+#server.ssl.key-store-password=123456
+#server.ssl.protocol=TLS
+#server.ssl.enabled-protocols=TLSv1.2
+#server.ssl.trust-store=
+#server.ssl.trust-store-password=
+#server.ssl.trust-store-type=JKS
+#server.ssl.hostNameVerifier=NO-OP
+
+# GMTLS
+#server.ssl.key-store=
+#server.ssl.key-store-type=PKCS12
+#server.ssl.key-alias=
+#server.ssl.key-store-password=
+#server.ssl.protocol=GMTLS
+#server.ssl.enabled-protocols=GMTLS,TLSv1.2
+#server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,ECC_SM4_CBC_SM3,ECDHE_SM4_GCM_SM3,ECDHE_SM4_CBC_SM3
+#server.ssl.trust-store=
+#server.ssl.trust-store-password=
+#server.ssl.trust-store-type=JKS
+#server.ssl.hostNameVerifier=NO-OP
 # 浏览器鉴权,设置用户名/密码,若没有配置则区块链浏览器完全开放
 spring.security.user.name=jdchain
diff --git a/deploy/deploy-peer/src/main/resources/assembly.xml b/deploy/deploy-peer/src/main/resources/assembly.xml
index 4b0fe58e..2f7548ff 100644
--- a/deploy/deploy-peer/src/main/resources/assembly.xml
+++ b/deploy/deploy-peer/src/main/resources/assembly.xml
@@ -25,7 +25,7 @@ unix - ${basedir}/../../libs/utils/utils-sm-tls/lib + ${basedir}/../../libs/utils/utils-crypto-sm/lib libs
diff --git a/deploy/deploy-peer/src/main/resources/config/application-peer.properties b/deploy/deploy-peer/src/main/resources/config/application-peer.properties
index 6c4ef922..e22c3469 100644
--- a/deploy/deploy-peer/src/main/resources/config/application-peer.properties
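Review bot: In the application-gw.properties hunk both new templates keep `#server.ssl.hostNameVerifier=NO-OP`, so an operator who uncomments either block as written ends up with what the value's name suggests is no hostname verification on TLS peers. I would drop that line from the templates, or put `# NO-OP skips hostname verification; test environments only` directly above it. The `# TLS` block also ships a sample `#server.ssl.key-store-password=123456`, which is the kind of value that survives into deployments; leave it empty as the `# GMTLS` block does. The same two lines appear in the `# TLS` block of the application-peer.properties hunk.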
+++ b/deploy/deploy-peer/src/main/resources/config/application-peer.properties
@@ -2,37 +2,34 @@
 server.compression.enabled=true
 server.compression.mime-types=application/json,application/xml,text/html,text/xml,text/plain
-# 管理服务TLS配置
-server.ssl.enabled=false
-server.ssl.client-auth=none
-server.ssl.protocol=
-server.ssl.enabled-protocols=
-server.ssl.ciphers=
-server.ssl.key-store=
-server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=
-server.ssl.key-store-password=
-server.ssl.trust-store=
-server.ssl.trust-store-password=
-server.ssl.trust-store-type=JKS
-
-server.ssl.protocol=
-server.ssl.enabled-protocols=
-server.ssl.ciphers=
-server.ssl.hostNameVerifier=NO-OP
+# TLS
+#server.ssl.enabled=true
+#server.ssl.client-auth=need
+#server.ssl.key-store=
+#server.ssl.key-store-type=PKCS12
+#server.ssl.key-alias=
+#server.ssl.key-store-password=123456
+#server.ssl.protocol=TLS
+#server.ssl.enabled-protocols=TLSv1.2
+#server.ssl.trust-store=
+#server.ssl.trust-store-password=
+#server.ssl.trust-store-type=JKS
+#server.ssl.hostNameVerifier=NO-OP
-#GM TLS配置
-#示例:
+# GMTLS
 #server.ssl.enabled=true
-#server.ssl.key-store=cert/sm2.node0.both.pfx
+#server.ssl.client-auth=need
+#server.ssl.key-store=
 #server.ssl.key-store-type=PKCS12
 #server.ssl.key-alias=
-#server.ssl.key-store-password=12345678
+#server.ssl.key-store-password=
 #server.ssl.protocol=GMTLS
-#server.ssl.hostNameVerifier=NO-OP
-#server.ssl.enabled-protocols=TLSv1.2,GMSSLv1.1
+#server.ssl.enabled-protocols=GMTLS,TLSv1.2
 #server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,ECC_SM4_CBC_SM3,ECDHE_SM4_GCM_SM3,ECDHE_SM4_CBC_SM3
-
+#server.ssl.trust-store=
+#server.ssl.trust-store-password=
+#server.ssl.trust-store-type=JKS
+#server.ssl.hostNameVerifier=NO-OP
 management.endpoints.web.exposure.include=prometheus
 management.metrics.tags.application=peer
diff --git a/framework b/framework
index e66f85cb..d7094b0b 160000
--- a/framework
+++ b/framework
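Review bot: In the application-peer.properties hunk the new `# TLS` and `# GMTLS` headers replace the old comment that said this section configures the management service's TLS, and nothing tells the operator that the two blocks are alternatives setting the same `server.ssl.*` keys. Both templates set `client-auth=need` while `trust-store` is left empty, so which client certificates are accepted is not defined by the template and presumably falls back to a default store. I would add a header comment such as `# Management-service TLS: uncomment ONE block; with client-auth=need, point trust-store at the CA that issues node certificates`. Separately, `enabled-protocols=GMTLS,TLSv1.2` together with `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` in the ciphers line appears to leave a standard TLS 1.2 CBC suite enabled next to the SM suites; confirm that is intended for a GM deployment (the gateway `# GMTLS` block has the same lines).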
@@ -1 +1 @@
-Subproject commit e66f85cb7daf317f990b2b07e57e904ed1c30034
+Subproject commit d7094b0b5e4c958e5960dc06966c327e91c410f0
diff --git a/libs/bft-smart b/libs/bft-smart
index 07e6e3b4..79669fba 160000
--- a/libs/bft-smart
+++ b/libs/bft-smart
@@ -1 +1 @@
-Subproject commit 07e6e3b417161354c9636e650fd0f42953b7d2ab
+Subproject commit 79669fba3b0653f0e44298834db70d9c8ba2515e
diff --git a/libs/httpservice b/libs/httpservice
index dfa6ca19..32c12b63 160000
--- a/libs/httpservice
+++ b/libs/httpservice
@@ -1 +1 @@
-Subproject commit dfa6ca1934f6fdee473ecf2fddf3c767aaeea03b
+Subproject commit 32c12b630e3b89bb573314474ac7f53fc945c94e
diff --git a/libs/utils b/libs/utils
index 30412b09..69b5cbc6 160000
--- a/libs/utils
+++ b/libs/utils
@@ -1 +1 @@
-Subproject commit 30412b092d052e142e8a5f6ef40ee00bea63f458
+Subproject commit 69b5cbc663dd47c60a9914ae20ad07866a2656d5