Opened May 17, 2025 by lgk @lgk
1 of 17 tasks completed

GRPC connection fails when using chainmaker-did-sdk-go: certificate verification fails during the TLS handshake

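[Issue category]

  • bug
  • P2P network (including libp2p, liquid)
  • Chain account identity and permissions (certificate issues, public, multi-signature voting issues)
  • Core transaction engine (transaction pool, DAG)
  • Consensus
  • [√] Smart contracts
  • Storage
  • [√] SDK
  • ChainMaker CMC tool
  • ChainMaker management console
  • ChainMaker explorer
  • ChainMaker contract IDE
  • ChainMaker web signing plugin
  • Cross-chain
  • Light node
  • Privacy computing
  • Cryptography
  • Environment dependencies
  • Other: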

[Problem description] While using chainmaker-did-sdk-go, I followed the steps in README.md up to generating the DID document:

$ ./console doc gen \
--sks-path=./testdata/sk.pem \
--pks-path=./testdata/pk.pem \
--controller=did:cm:test1,did:cm:test2 \
--sdk-path=./testdata/sdk_config.yml \
--doc-path=./testdata/doc.json

At that point the following error occurred:

li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$ ./console doc gen \
--sks-path=./testdata/sk.pem \
--pks-path=./testdata/pk.pem \
--controller=did:cm:test1,did:cm:test2 \
--sdk-path=./testdata/sdk_config.yml \
--doc-path=./testdata/doc.json
Error: [ChainMakerDid-DidMethod] send tx failed, err: [send QUERY_CONTRACT failed, grpc connections unavailable, see sdk log file for more details]
Usage:
  console doc gen [flags]

Flags:
      --controller strings   specify the controller of the DID document
      --doc-path string      specify the path of the DID document
  -h, --help                 help for gen
  -P, --pks-path strings     specify the storage path of public key list
  -C, --sdk-path string      specify the path of ChainMaker's sdk config file
  -S, --sks-path strings     specify the storage path of private key list

panic: [ChainMakerDid-DidMethod] send tx failed, err: [send QUERY_CONTRACT failed, grpc connections unavailable, see sdk log file for more details]

goroutine 1 [running]:
main.main()
        /home/li/chainmaker-did-sdk-go/console/main.go:37 +0x295

I then checked the contents of sdk.log:

li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$ cat sdk.log
2025-05-17 21:31:06.186 [DEBUG] [SDK] v2@v2.3.4/sdk_config.go:1018 [SDK] use tls
2025-05-17 21:31:06.186 [DEBUG] [SDK] invoke/contract.go:75 [SDK] begin to QUERY contract, [contractName:ChainMakerDid]/[method:DidMethod]/[params:[]]
2025-05-17 21:31:06.187 [ERROR] [SDK] v2@v2.3.4/sdk_client.go:461 [SDK] request to [0-127.0.0.1:12301-chainmaker.org] failed rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority", try to connect another node
2025-05-17 21:59:12.375 [DEBUG] [SDK] v2@v2.3.4/sdk_config.go:1018 [SDK] use tls
2025-05-17 21:59:12.375 [DEBUG] [SDK] invoke/contract.go:75 [SDK] begin to QUERY contract, [contractName:ChainMakerDid]/[method:DidMethod]/[params:[]]
2025-05-17 21:59:12.376 [ERROR] [SDK] v2@v2.3.4/sdk_client.go:461 [SDK] request to [0-127.0.0.1:12301-chainmaker.org] failed rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority", try to connect another node

I then asked an AI and searched the existing issues, and suspected that the crt and key did not match, so I ran the following checks:

li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$ openssl pkey -in ./testdata/crypto-config/wx-org1.chainmaker.org/node/consensus1/consensus1.tls.key -noout -text
Private-Key: (256 bit)
priv:
    66:4d:e8:54:91:ae:5c:f0:31:56:41:6b:d6:23:2b:
    41:17:25:5a:d9:d9:f5:7e:a4:a9:99:7f:06:63:b9:
    8e:e8
pub:
    04:a0:43:53:89:2e:a8:47:e0:69:cb:25:0b:1d:20:
    e8:95:54:b0:71:1c:55:5d:f2:93:c3:9b:c0:52:96:
    6b:7e:a7:50:17:a7:c5:4e:cd:14:27:55:4d:8d:0e:
    c6:cc:ae:96:40:c2:cc:bd:67:a9:c0:a8:5d:11:b9:
    17:2f:5d:e8:8c
ASN1 OID: prime256v1
NIST CURVE: P-256
li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$ openssl ec -in ./testdata/crypto-config/wx-org1.chainmaker.org/node/consensus1/consensus1.tls.key -pubout -out public_key_from_key.pem
read EC key
writing EC key
li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$ openssl x509 -in ./testdata/crypto-config/wx-org1.chainmaker.org/node/consensus1/consensus1.tls.crt -pubkey -noout -out public_key_from_crt.pem
li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$ diff public_key_from_key.pem public_key_from_crt.pem
li@DESKTOP-44HK4I5:~/chainmaker-did-sdk-go/console$

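The public keys of the certificate (.crt) and the private key (.key) are identical, which shows that they match. But the GRPC connection still reports x509: certificate signed by unknown authority. I then checked the node's logs and found no errors.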

System information:

li@DESKTOP-44HK4I5:~$ go version
go version go1.19.13 linux/amd64
li@DESKTOP-44HK4I5:~$ docker version
Client:
 Version:           26.1.3
 API version:       1.45
 Go version:        go1.22.2
 Git commit:        26.1.3-0ubuntu1~24.04.1
 Built:             Mon Oct 14 14:29:26 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          26.1.3
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.22.2
  Git commit:       26.1.3-0ubuntu1~24.04.1
  Built:            Mon Oct 14 14:29:26 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.24
  GitCommit:
 runc:
  Version:          1.1.12-0ubuntu3.1
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:
li@DESKTOP-44HK4I5:~$ docker compose version
Docker Compose version v2.35.1
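
The x509 error in sdk.log is raised by chain verification against the CA certificates the client trusts, which is a separate check from the key/certificate comparison in the issue. The Go program below is an added example, not part of the original issue or of the ChainMaker SDK; it runs both checks on certificates it constructs itself, and every name in it (CA names, function names) is a placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues a constructed P-256 cert: a self-signed CA if parent is nil, else a leaf.
func newCert(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// diagnose returns the key/cert match from the issue and the chain check a TLS client runs.
func diagnose() (keyMatch bool, wrongCA, rightCA error) {
	nodeCA, caKey := newCert("ca.node-org.example", nil, nil) // CA that issued the node cert
	otherCA, _ := newCert("ca.other-org.example", nil, nil)   // unrelated CA
	leaf, leafKey := newCert("chainmaker.org", nodeCA, caKey) // node TLS certificate
	wrong, right := x509.NewCertPool(), x509.NewCertPool()
	wrong.AddCert(otherCA) // client trust store without the issuing CA
	right.AddCert(nodeCA)  // client trust store with the issuing CA
	_, wrongCA = leaf.Verify(x509.VerifyOptions{Roots: wrong})
	_, rightCA = leaf.Verify(x509.VerifyOptions{Roots: right})
	return leafKey.PublicKey.Equal(leaf.PublicKey), wrongCA, rightCA
}

func main() { fmt.Println(diagnose()) }
```

The key matches the certificate in both cases; only the contents of the trust store decide whether verification succeeds. Against real files the same check is `openssl verify -CAfile <trusted-ca.crt> <node-tls.crt>`, with both paths as placeholders.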

Reference: chainmaker/issue#1361