A Corda node verifies transactions through ServiceHub.transactionVerifierService. By default this is an InMemoryTransactionVerifierService, which verifies transactions in-process.
Corda may be configured to use out-of-process verification. Any number of verifiers may be started, each connecting to a node through the node's exposed Artemis SSL port. The messaging layer takes care of load balancing.
We plan to introduce kernel-level sandboxing around the out-of-process verifiers as an additional line of defence in case of inner sandbox escapes.
To configure a node to use out-of-process verification, specify the verifierType option in your node.conf:

    myLegalName : "O=Bank A,L=London,C=GB"
    p2pAddress : "my-corda-node:10002"
    webAddress : "localhost:10003"
    verifierType: "OutOfProcess"
You can build a verifier jar using
And run it with:

    java -jar verifier/build/libs/corda-verifier.jar <PATH_TO_VERIFIER_BASE_DIR>
PATH_TO_VERIFIER_BASE_DIR should contain a certificates folder akin to the one in a node directory, and a verifier.conf containing the following:

    nodeHostAndPort: "my-corda-node:10002"
    keyStorePassword : "cordacadevpass"
    trustStorePassword : "trustpass"
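
A pre-flight check for the setup described above, as an added example that is not part of the Corda documentation or code base. The function names are hypothetical; it assumes flat key/value lines like the samples and, following the sample values on this page, that nodeHostAndPort should equal the node's p2pAddress.

```bash
# Added example: pre-flight check for an out-of-process verifier directory.
# conf_value and check_verifier_dir are hypothetical helper names.
# Assumes flat `key : "value"` lines, as in the samples on this page.

# conf_value FILE KEY: print KEY's value with surrounding quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# check_verifier_dir NODE_DIR VERIFIER_BASE_DIR
# Returns 0 if every check passes, 1 on a failed check, 2 if a config file is missing.
check_verifier_dir() {
    local node_conf="$1/node.conf" base="$2" ver_conf="$2/verifier.conf" rc=0 key
    [ -f "$node_conf" ] || { echo "FAIL: $node_conf not found"; return 2; }
    [ -f "$ver_conf" ] || { echo "FAIL: $ver_conf not found"; return 2; }

    # The node only uses external verifiers when this option is set.
    [ "$(conf_value "$node_conf" verifierType)" = "OutOfProcess" ] ||
        { echo "FAIL: node.conf verifierType is not OutOfProcess"; rc=1; }

    # Assumption taken from the page's samples: nodeHostAndPort equals p2pAddress.
    [ "$(conf_value "$ver_conf" nodeHostAndPort)" = "$(conf_value "$node_conf" p2pAddress)" ] ||
        { echo "FAIL: nodeHostAndPort differs from the node's p2pAddress"; rc=1; }

    # The base directory must carry a certificates folder like the node's.
    [ -d "$base/certificates" ] || { echo "FAIL: $base/certificates is missing"; rc=1; }

    # Reject empty passwords and the sample values printed in the documentation.
    for key in keyStorePassword trustStorePassword; do
        case "$(conf_value "$ver_conf" "$key")" in
            ""|cordacadevpass|trustpass)
                echo "FAIL: $key is empty or a documented sample value"; rc=1 ;;
        esac
    done

    # verifier.conf holds both store passwords in clear text: owner-only access.
    case "$(ls -ld "$ver_conf")" in
        -???------*) ;;
        *) echo "FAIL: $ver_conf is accessible to group or others"; rc=1 ;;
    esac
    return "$rc"
}
```

Source the file and call `check_verifier_dir <NODE_DIR> <PATH_TO_VERIFIER_BASE_DIR>` before starting the verifier; each failed check prints one FAIL line.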