2017-06-05 12:37:23 +00:00
|
|
|
Out-of-process verification
|
2017-03-08 17:21:43 +00:00
|
|
|
===========================
|
|
|
|
|
|
|
|
|
|
A Corda node does transaction verification through ``ServiceHub.transactionVerifierService``. This is by default an
|
|
|
|
|
``InMemoryTransactionVerifierService`` which just verifies transactions in-process.
|
|
|
|
|
|
|
|
|
|
Corda may be configured to use out of process verification. Any number of verifiers may be started connecting to a node
|
|
|
|
|
through the node's exposed artemis SSL port. The messaging layer takes care of load balancing.
|
|
|
|
|
|
|
|
|
|
.. note:: We plan to introduce kernel level sandboxing around the out of process verifiers as an additional line of
|
|
|
|
|
defence in case of inner sandbox escapes.
|
|
|
|
|
|
|
|
|
|
To configure a node to use out of process verification specify the ``verifierType`` option in your node.conf:
|
|
|
|
|
|
|
|
|
|
.. literalinclude:: example-code/src/main/resources/example-out-of-process-verifier-node.conf
|
|
|
|
|
:language: cfg
|
|
|
|
|
|
|
|
|
|
You can build a verifier jar using ``./gradlew verifier:standaloneJar``.
|
|
|
|
|
|
|
|
|
|
And run it with ``java -jar verifier/build/libs/corda-verifier.jar <PATH_TO_VERIFIER_BASE_DIR>``.
|
|
|
|
|
|
|
|
|
|
``PATH_TO_VERIFIER_BASE_DIR`` should contain a ``certificates`` folder akin to the one in a node directory, and a
|
|
|
|
|
``verifier.conf`` containing the following:
|
|
|
|
|
|
|
|
|
|
.. literalinclude:: example-code/src/main/resources/example-verifier.conf
|
|
|
|
|
:language: cfg
|
