Roper

Reputation: 111

Hyperledger Fabric SDK not starting TLS handshake

I'm trying to get a small golang application to connect to a hyperledger fabric network. The network is based on one of the official hyperledger-fabric samples, called 'first-network'. It is started by their 'byfn.sh' script and runs a functioning end-2-end test. The test executes commands directly using the 'cli' container that has all the valid crypto material.

I, however, am trying to run a query or create a Tx using the fabric-sdk-go. I created a connection profile based on the official documentation and samples I found online.

sdk, err := fabsdk.New(config.FromFile("../integrity-network/connection-profile.yaml"))
...
clientChannelContext := sdk.ChannelContext("integrity-channel", fabsdk.WithUser("[email protected]"), fabsdk.WithOrg("Org1"))

Reading the profile and creating the SDK instance works; however, creation of the channel context fails and peer0 of org1 tells me: first record does not look like a TLS handshake

I'm a bit confused about the crypto material I have to provide in the connection profile, but based on examples online I think it should be correct:

x-type: "hlfv1"
description: "Connection profile for our integrity network."
version: "1.0"
client:
  organization: org1
  logging:
    level: debug
  cryptoconfig:
    path: ../integrity-network/crypto-config/
  credentialStore:
    path: "/tmp/state-store"
    cryptoStore:
      path: /tmp/msp
  tlsCerts:
    systemCertPool: false
    client:
      key:
        path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/client.key
      cert:
        path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/client.crt
channels:
    integrity-channel:
      orderers:
        - orderer.example.com
      peers:
        peer0.org1.example.com:
          endorsingPeer: true
          chaincodeQuery: true
          ledgerQuery: true
          eventSource: true
        peer1.org1.example.com:
          endorsingPeer: true
          chaincodeQuery: true
          ledgerQuery: true
          eventSource: true

organizations:
  OrdererOrg:
    mspid: OrdererOrg
    cryptoPath: crypto-config/ordererOrganizations/example.com/users/[email protected]/msp
    adminPrivateKey:
      path: ../integrity-network/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/keystore/f6dc3f715ffd9547e5ff5e3e08d5ac17f1e2b09968d2daba9e7a9a4e374a2fb1_sk
    signedCert:
      path: ../integrity-network/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts/[email protected]
  Org1:
    mspid: Org1MSP
    cryptoPath: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp
    peers:
      - peer0.org1.example.com
      - peer1.org1.example.com
    adminPrivateKey:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/25117a9fcadf7b40ed7dcd29b7a478ca86728e564a8388aa889a5de71dec5df8_sk
    signedCert:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/[email protected]
    users:
      [email protected]:
        key:
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/25117a9fcadf7b40ed7dcd29b7a478ca86728e564a8388aa889a5de71dec5df8_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/[email protected]
      [email protected]:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/e318dc3e94283337e3089673c8aca07ce0d6cc8ffdb03984ab2de11ec7ac11dd_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/[email protected]
  Org2:
    mspid: Org2MSP
    cryptoPath: crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp
    peers:
      - peer0.org2.example.com
      - peer1.org2.example.com
    adminPrivateKey:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/keystore/078fca0bf56b77656f745e62100a1fd7d55f5d2c2925b6180daac49b67e64f0d_sk
    signedCert:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/signcerts/[email protected]
    users:
      [email protected]:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/keystore/078fca0bf56b77656f745e62100a1fd7d55f5d2c2925b6180daac49b67e64f0d_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/signcerts/[email protected]
      [email protected]:
        key: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/keystore/3fee22d1537bc40b5e3d036919e3651976a92e42df5725983400a4012f5bc138_sk
        cert: 
          path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/signcerts/[email protected]

orderers:
  orderer.example.com:
    url: grpc://localhost:7050
    grpcOptions:
      ssl-target-name-override: orderer.example.com

peers:
  peer0.org1.example.com:
    url: grpc://localhost:7051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
  peer1.org1.example.com:
    url: grpc://localhost:8051
    grpcOptions:
      ssl-target-name-override: peer1.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
  peer0.org2.example.com:
    url: grpc://localhost:9051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
  peer1.org2.net.ink.tum.de:
    url: grpc://localhost:10051
    grpcOptions:
      ssl-target-name-override: peer1.org2.example.com
      request-timeout: 120001
    tlsCACerts:
      path: ../integrity-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem

Note: for some reason I needed the users section, otherwise I would get a user not found. Most examples I found online did not include that section.

Upvotes: 1

Views: 2016

Answers (1)

Gari Singh

Reputation: 12013

You need to use grpcs in your peer URLs:

peers:
  peer0.org1.example.com:
    url: grpcs://localhost:7051

Upvotes: 3
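
Why the scheme matters, as an added example that is not part of the original question or answer: the peer's log line is the message Go's crypto/tls server reports when the first bytes on the connection are not a TLS record, which is what a client configured with grpc:// sends. The function name `serverHandshakeError` and the empty server config are assumptions made for this demonstration; only the URL scheme is inspected.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"
	"time"
)

// http2Preface is what a gRPC client writes first on a plaintext (grpc://) connection.
const http2Preface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

// serverHandshakeError (hypothetical helper) plays a TLS-enabled peer on an
// in-memory connection and returns the error its handshake reports for a
// client dialing rawURL: grpc:// sends cleartext, grpcs:// starts TLS.
func serverHandshakeError(rawURL string) error {
	clientConn, serverConn := net.Pipe()
	defer clientConn.Close()
	defer serverConn.Close()
	deadline := time.Now().Add(2 * time.Second)
	clientConn.SetDeadline(deadline)
	serverConn.SetDeadline(deadline)

	go func() {
		if strings.HasPrefix(rawURL, "grpcs://") {
			// ServerName mirrors ssl-target-name-override from the profile.
			cfg := &tls.Config{ServerName: "peer0.org1.example.com"}
			tls.Client(clientConn, cfg).Handshake() // sends a ClientHello record
			return
		}
		clientConn.Write([]byte(http2Preface)) // no TLS record framing at all
	}()

	// With grpc:// the server rejects the first record before it needs a
	// certificate. With grpcs:// this certificate-less demo server fails
	// later, with a different error, after reading a valid ClientHello.
	return tls.Server(serverConn, &tls.Config{}).Handshake()
}

func main() {
	for _, u := range []string{"grpc://localhost:7051", "grpcs://localhost:7051"} {
		fmt.Printf("%-24s -> %v\n", u, serverHandshakeError(u))
	}
}
```
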
