Out-of-process verificationΒΆ
A Corda node does transaction verification through ServiceHub.transactionVerifierService
. This is by default an
InMemoryTransactionVerifierService
which just verifies transactions in-process.
Corda may be configured to use out of process verification. Any number of verifiers may be started connecting to a node through the node’s exposed artemis SSL port. The messaging layer takes care of load balancing.
Note
We plan to introduce kernel level sandboxing around the out of process verifiers as an additional line of defence in case of inner sandbox escapes.
To configure a node to use out of process verification specify the verifierType
option in your node.conf:
myLegalName : "O=Bank A,L=London,C=GB"
p2pAddress : "my-corda-node:10002"
webAddress : "localhost:10003"
networkMapService : {
address : "my-network-map:10000"
legalName : "O=Network Map Service,OU=corda,L=London,C=GB"
}
verifierType: "OutOfProcess"
You can build a verifier jar using ./gradlew verifier:standaloneJar
.
And run it with java -jar verifier/build/libs/corda-verifier.jar <PATH_TO_VERIFIER_BASE_DIR>
.
PATH_TO_VERIFIER_BASE_DIR
should contain a certificates
folder akin to the one in a node directory, and a
verifier.conf
containing the following:
nodeHostAndPort: "my-corda-node:10002"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"