Out-of-process verification

A Corda node does transaction verification through ServiceHub.transactionVerifierService. By default this is an InMemoryTransactionVerifierService, which verifies transactions in-process.

Corda may be configured to use out-of-process verification. Any number of verifiers may be started, each connecting to a node through the node’s exposed Artemis SSL port. The messaging layer takes care of load balancing.

Note

We plan to introduce kernel-level sandboxing around the out-of-process verifiers as an additional line of defence in case of inner sandbox escapes.

To configure a node to use out-of-process verification, specify the verifierType option in your node.conf:

myLegalName : "CN=Bank A,O=Bank A,L=London,C=UK"
p2pAddress : "my-corda-node:10002"
webAddress : "localhost:10003"
networkMapService : {
    address : "my-network-map:10000"
    legalName : "CN=Network Map Service,O=R3,OU=corda,L=London,C=UK"
}
verifierType: "OutOfProcess"

You can build a verifier jar using ./gradlew verifier:standaloneJar.

And run it with java -jar verifier/build/libs/corda-verifier.jar <PATH_TO_VERIFIER_BASE_DIR>.

PATH_TO_VERIFIER_BASE_DIR should contain a certificates folder akin to the one in a node directory, and a verifier.conf containing the following:

nodeHostAndPort: "my-corda-node:10002"
keyStorePassword : "cordacadevpass"
trustStorePassword : "trustpass"
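
A preflight check for the verifier base directory described above, as an added example (not part of the Corda documentation or code base). The function name check_verifier_dir, the finding strings, and the rule that the sample passwords shown on this page should not be reused in a deployed verifier are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for a verifier base directory.
# Prints one finding per line; returns 0 only when nothing was found.
check_verifier_dir() {
    base=$1
    conf="$base/verifier.conf"
    rc=0

    if [ ! -d "$base/certificates" ]; then
        echo "MISSING certificates folder"
        rc=1
    fi
    if [ ! -f "$conf" ]; then
        echo "MISSING verifier.conf"
        return 1
    fi

    # The three settings the page lists; accepts both "key:" and "key :".
    for key in nodeHostAndPort keyStorePassword trustStorePassword; do
        if ! grep -Eq "^[[:space:]]*$key[[:space:]]*[:=]" "$conf"; then
            echo "MISSING key $key"
            rc=1
        fi
    done

    # Assumption of this example: the sample passwords printed in the
    # documentation must not be carried into a deployed verifier.
    for sample in cordacadevpass trustpass; do
        if grep -Eq "Password[[:space:]]*[:=][[:space:]]*\"$sample\"" "$conf"; then
            echo "SAMPLE password in use: $sample"
            rc=1
        fi
    done

    # The file holds store passwords in clear text: flag group/other read access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    case $perms in
        *r*) echo "READABLE by group/other: verifier.conf"; rc=1 ;;
    esac

    return $rc
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_verifier_dir "$1"
fi
```

Run it as sh check_verifier.sh <PATH_TO_VERIFIER_BASE_DIR> (the script file name is hypothetical) before starting the verifier jar.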