From cdae5c69f2e66825dd6653ef5d762a90f0665aaa Mon Sep 17 00:00:00 2001 From: "Mark S. Lewis" Date: Sun, 22 Sep 2024 13:50:38 +0100 Subject: [PATCH] Change default for V1_3 compatibility to false There should be no need to maintain compatibility with insecure tokens from Fabric v1.3. The default is now to require secure tokens. Compatibility with the old secure tokens can still be enabled by settings the FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3 environment variable to "true". Signed-off-by: Mark S. Lewis --- lib/server.go | 15 +++++++-------- util/util_test.go | 3 +-- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/lib/server.go b/lib/server.go index 0d924c2f..9fb3d08f 100644 --- a/lib/server.go +++ b/lib/server.go @@ -330,14 +330,13 @@ func (s *Server) initConfig() (err error) { // Make file names absolute s.makeFileNamesAbsolute() - compModeStr := os.Getenv("FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3") - if compModeStr == "" { - compModeStr = "true" // TODO: Change default to false once all clients have been updated to use the new authorization header - } - - s.Config.CompMode1_3, err = strconv.ParseBool(compModeStr) - if err != nil { - return errors.WithMessage(err, "Invalid value for boolean environment variable 'FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3'") + if compModeStr := os.Getenv("FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3"); compModeStr == "" { + s.Config.CompMode1_3 = false + } else { + s.Config.CompMode1_3, err = strconv.ParseBool(compModeStr) + if err != nil { + return errors.WithMessage(err, "Invalid value for boolean environment variable 'FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3'") + } } return nil diff --git a/util/util_test.go b/util/util_test.go index e71a1d4f..89060d16 100644 --- a/util/util_test.go +++ b/util/util_test.go @@ -50,7 +50,6 @@ func TestECCreateToken(t *testing.T) { tok, err := CreateToken(bccsp, cert, privKey, "GET", "/enroll", body) assert.NoError(t, err, "CreateToken failed") - os.Setenv("FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3", "false") // Test new token _, err = VerifyToken(bccsp, tok, "GET", "/enroll", body, false) assert.NoError(t, err, "VerifyToken failed") @@ -87,7 +86,7 @@ func TestECCreateToken(t *testing.T) { _, err = VerifyToken(bccsp, oldToken, "GET", "/enroll", body, false) assert.Error(t, err) - // Test that by default with no environment variable set, the old token is considered valid + // With comptability mode enabled, the old token is considered valid os.Unsetenv("FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3") _, err = VerifyToken(bccsp, oldToken, "GET", "/enroll", body, true) assert.NoError(t, err, "Failed to verify token using old token type")