握手失败并出现致命错误 SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number答案

【问题标题】：Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number握手失败并出现致命错误 SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
【发布时间】：2018-04-26 09:07:47
【问题描述】：

首先，我知道这是来自this link 的重复问题，但提问者似乎不再回答... 但我仍然有问题，需要帮助！

所以，当我使用命令 composer install 时，我遇到了这个错误：

⠙ Installing business network. This may take a minute...E0426 10:56:40.033781775 24341 ssl_transport_security.cc:989] Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

这是我正在使用的connection.json 文件：

{
"name": "hlfv1",
"x-type": "hlfv1",
"x-commitTimeout": 300,
"version": "1.0.0",
"client": {
    "organization": "Org1",
    "connection": {
        "timeout": {
            "peer": {
                "endorser": "300",
                "eventHub": "300",
                "eventReg": "300"
            },
            "orderer": "300"
        }
    }
},
"channels": {
    "composerchannel": {
        "orderers": [
            "orderer.example.com"
        ],
        "peers": {
            "peer0.org1.example.com": {
                "endorsingPeer": true,
                "chaincodeQuery": true,
                "eventSource": true
            }
        }
    }
},
"organizations": {
    "Org1": {
        "mspid": "Org1MSP",
        "peers": [
            "peer0.org1.example.com"
        ],
        "certificateAuthorities": [
            "ca.org1.example.com"
        ]
    }
},
"orderers": {
    "orderer.example.com": {
        "url": "grpcs://<My_IP>:7050",
        "grpcOptions": {
            "ssl-target-name-override": "orderer.example.com"
        },
        "tlsCACerts": {
            "pem": "INSERT_ORDERER_CA_CERT"
        }
    }
},
"peers": {
    "peer0.org1.example.com": {
        "url": "grpcs://<My_IP>:7051",
        "eventUrl": "grpcs://<My_IP>:7053",
        "grpcOptions": {
            "ssl-target-name-override": "peer0.org1.example.com"
        },
        "tlsCACerts": {
            "pem": "INSERT_ORG1_CA_CERT"
        }
    }
},
"certificateAuthorities": {
    "ca.org1.example.com": {
        "url": "https://<My_IP>:7054",
        "caName": "ca.org1.example.com",
        "httpOptions": {
            "verify": false
        }
    }
}
}

这是我正在使用的docker-compose.yaml 文件：

version: '2'
services:
  ca.org1.example.com:
    image: hyperledger/fabric-ca:$ARCH-1.1.0
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca.org1.example.com
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer:$ARCH-1.1.0
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/composer-genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    ports:
      - 7050:7050
    volumes:
        - ./:/etc/hyperledger/configtx
        - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/etc/hyperledger/msp/orderer/msp
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer:$ARCH-1.1.0
    environment:
      - CORE_LOGGING_LEVEL=debug
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=composer_default
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: peer node start
    ports:
      - 7051:7051
      - 7052:7052
      - 7053:7053
    volumes:
        - /var/run/:/host/var/run/
        - ./:/etc/hyperledger/configtx
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/peer/msp
        - ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/peer/tls
    depends_on:
      - orderer.example.com
      - couchdb
  couchdb:
    container_name: couchdb
    image: hyperledger/fabric-couchdb:$ARCH-0.4.6
    ports:
      - 5984:5984
    environment:
      DB_URL: http://localhost:5984/member_db

我不知道该怎么做，我真的需要帮助。

谢谢

【问题讨论】：

在你的 connection.json 我看到你有我猜在你的文件中你确实有 IP 地址 - 但是你是否也用你的 pem 证书替换了“INSERT_ORG1_CA_CERT”等，在 1 长包含 \n 字符的字符串？此外，如果您查看您的容器日志（可能的 CA 和 Orderer），您将看到错误的更多详细信息。
是的，我像这样替换了“INSERT_ORG1_CA_CERT”perl -p -i -e 's@INSERT_ORG1_CA_CERT@$ENV{ORG1_CA_CERT}@g' tmp/connectionOrg2.json
而且我在 CA、Orderer 或 Peer0 的 docker 日志中找不到错误....
您是否预先生成新的证书？这对我来说是个问题。
好吧，我只是从 createPeerAdminCard.sh 中的 fabric-tools>fabric-scripts>hlfv11 复制 connectionProfile.json 并使用它。在这一个中，有"tlsCACerts": { "pem": "INSERT_ORG1_CA_CERT" } 供同行使用，它有效:)

标签： hyperledger-fabric hyperledger hyperledger-composer

【解决方案1】：

如果您在结构设置中禁用了 TLS，则将所有出现的 grpcs 更改为 grpc 并将 https 更改为 http。它应该工作。我也有同样的错误，这对我有用。

【讨论】：