2.10 adds a couple of space-separated fields to the sourcing message header, going from 2 to 4, but the current 2.9 code is too strict: it checks that the number of fields is exactly 2 rather than at least 2.
Signed-off-by: Jean-Noël Moyne <jnmoyne@gmail.com>
- [x] Tests added
- [x] Branch rebased on top of current main (`git pull --rebase origin
main`)
- [x] Changes squashed to a single commit (described
[here](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
- [x] You have certified that the contribution is your original work and
that you license the work to the project under the [Apache 2
license](https://github.com/nats-io/nats-server/blob/main/LICENSE)
### Changes proposed in this pull request:
- Creates new TLS certificates and private keys for testing with various
key types
  - RSA (1024, 2048, 4096)
  - ED25519
- Adds a benchmark that measures NATS Core request-reply performance
over TLS-encrypted connections
- [x] Link to issue, e.g. `Resolves #NNN`
- [ ] Documentation added (if applicable)
- [x] Tests added
- [ ] Branch rebased on top of current main (`git pull --rebase origin
main`)
- [ ] Changes squashed to a single commit (described
[here](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
- [ ] Build is green in Travis CI
- [x] You have certified that the contribution is your original work and
that you license the work to the project under the [Apache 2
license](https://github.com/nats-io/nats-server/blob/main/LICENSE)
Resolves #4422
### Changes proposed in this pull request:
- Added `Access-Control-Allow-Origin` header to allow CORS requests for
the monitoring server
- Added a check in the tests for the header when the `Content-Type` is
`application/json`
This propagates a delivered update and we updated the store state engine to do the right thing when the condition is reached.
Signed-off-by: Derek Collison <derek@nats.io>
This would cause us to think the replica was caught up incorrectly and drop our leadership, which would cancel any catchup requests.
Signed-off-by: Derek Collison <derek@nats.io>
Fix for a bug that would allow old leaders of pull based durables to
delete a consumer from an inactivity threshold timer inadvertently.
Signed-off-by: Derek Collison <derek@nats.io>
We violated the locking pattern, so we now make sure we do this in a
separate Go routine and put checks to only run it once.
Signed-off-by: Derek Collison <derek@nats.io>
- Adds reporting the line with the bad key position
that makes the config invalid.
- Fixes a few tests with trailing braces which were
being handled as keys and ignored before.
Signed-off-by: Waldemar Quevedo <wally@nats.io>
This PR backports the OCSP Peer feature option (as in 2.10 train) and
includes two fixes for the existing OCSP Staple feature.
OCSP Staple:
1. Fixed and clarified how NATS Server determines its own Issuer CA when
obtaining and validating an OCSP Response for subsequent staple
2. Eliminated problematic assumption that all node peers are issued by
the same CA when NATS Server validates ROUTE and GATEWAY peer nodes
3. Added OCSP Response effectivity checks on ROUTE and GATEWAY
peer-presented staple
Note for #3: Allowed host clock skew between node peers is set at
30 seconds. If the OCSP Response contains an empty assertion for
NextUpdate, NATS Server will default to 1-hour validity (after
ThisUpdate). It is recommended that the CA OCSP Responder assert
NextUpdate.
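
The effectivity check described in the note for #3, as an added Go example that is not code from nats-server. The `staple` type, the function name and the error values are hypothetical, and applying the 30-second skew to both edges of the validity window is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

const (
	allowedClockSkew = 30 * time.Second // skew allowance stated in the note
	defaultValidity  = time.Hour        // applied when NextUpdate is not asserted
)
var (
	errNotYetValid = errors.New("staple not yet valid: ThisUpdate is in the future")
	errExpired     = errors.New("staple expired: validity window has passed")
)

// staple is a hypothetical type; a zero NextUpdate means none was asserted.
type staple struct {
	ThisUpdate, NextUpdate time.Time
}

// checkEffective reports whether s is inside its validity window at now.
// Assumption: the skew allowance widens both edges of the window.
func checkEffective(s staple, now time.Time) error {
	notAfter := s.NextUpdate
	if notAfter.IsZero() {
		notAfter = s.ThisUpdate.Add(defaultValidity)
	}
	if s.ThisUpdate.After(now.Add(allowedClockSkew)) {
		return errNotYetValid
	}
	if notAfter.Before(now.Add(-allowedClockSkew)) {
		return errExpired
	}
	return nil
}

func main() {
	now := time.Date(2023, 9, 1, 12, 0, 0, 0, time.UTC) // constructed sample time
	samples := []staple{
		{ThisUpdate: now.Add(20 * time.Second)}, // peer clock slightly ahead
		{ThisUpdate: now.Add(-2 * time.Hour)},   // no NextUpdate, default window over
		{ThisUpdate: now.Add(-2 * time.Hour), NextUpdate: now.Add(time.Hour)},
	}
	for _, s := range samples {
		fmt.Printf("this=%s next=%s -> %v\n", s.ThisUpdate.Format(time.RFC3339), s.NextUpdate.Format(time.RFC3339), checkEffective(s, now))
	}
}
```

The second and third samples differ only in whether NextUpdate is asserted, which shows why the note recommends that the responder set it: the same two-hour-old response is rejected under the 1-hour default and accepted when the responder states a longer window.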
Three issues were found and resolved.
1. Purge replays after recovery could execute full purge.
2. Callback was registered without lock, which could lead to skew.
3. Cluster reset could stop stream store and recreate it, which could lead to double accounting.
Signed-off-by: Derek Collison <derek@nats.io>