gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
4df6c9aeb8e3d028b5ab4cfa519492aa3c594156
nats-server/server
History
Derek Collison 4df6c9aeb8 [ADDED] TLS: Handshake First for client connections (#4642) 
A new option instructs the server to perform the TLS handshake first,
that is prior to sending the INFO protocol to the client.

Only clients that implement equivalent option would be able to connect
if the server runs with this option enabled.

The configuration would look something like this:
```
...
tls {
    cert_file: ...
    key_file: ...

    handshake_first: true
}
```

The same option can be set to "auto" or a Go time duration to fallback
to the old behavior. This is intended for deployments where it is known
that not all clients have been upgraded to a client library providing
the TLS handshake first option.

After the delay has elapsed without receiving the TLS handshake from the
client, the server reverts to sending the INFO protocol so that older
clients can connect. Clients that do connect with the "TLS first" option
will be marked as such in the monitoring's Connz page/result. It will
allow the administrator to keep track of applications still needing to
upgrade.

The configuration would be similar to:
```
...
tls {
    cert_file: ...
    key_file: ...

    handshake_first: auto
}
```
With the above value, the fallback delay used by the server is 50ms.

The duration can be explcitly set, say 300 milliseconds:
```
...
tls {
    cert_file: ...
    key_file: ...

    handshake_first: "300ms"
}
```

It is understood that any configuration other that "true" will result in
the server sending the INFO protocol after the elapsed amount of time
without the client initiating the TLS handshake. Therefore, for
administrators that do not want any data transmitted in plain text, the
value must be set to "true" only. It will require applications to be
updated to a library that provides the option, which may or may not be
readily available.

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
2023-10-16 07:49:08 -07:00
..
avl
Allow more time in TestNoRaceSeqSetEncodeLarge
2023-09-08 16:36:28 +01:00
certidp
OCSP Peer Feature
2023-08-02 11:25:48 -07:00
certstore
Fixed local issuer determination for OCSP Staple, issue #3773
2023-08-02 11:52:36 -07:00
configs
Use dynamic port number in benchmark
2023-09-01 12:58:52 -07:00
pse
Initial support for zOS (#4209)
2023-07-18 12:21:31 -07:00
sysmem
Initial support for zOS
2023-06-03 10:03:23 +05:30
accounts_test.go
test: fix TestAccountImportCycle flake
2023-08-08 23:41:18 -07:00
accounts.go
Small performance tweak to checkForReverseEntries.
2023-09-26 21:43:20 -07:00
auth_callout_test.go
Use preferred value tests (equal, not equal) rather than booleans for better fail logs
2023-09-15 14:41:41 -07:00
auth_callout.go
Cleanup for some staticcheck warnings
2023-07-21 19:17:54 -07:00
auth_test.go
Authentication and Authorization callouts for server configuration mode.
2022-12-28 10:32:45 -08:00
auth.go
Moved to atomics to detect if we have mapped subjects for an account since check for each inbound message.
2023-09-25 11:43:34 -07:00
benchmark_publish_test.go
certstore_windows_test.go
Cert Store (aka wincert)
2023-06-22 12:25:54 -07:00
ciphersuites.go
client_test.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
client.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
closed_conns_test.go
config_check_test.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
const.go
[ADDED] TLS: Handshake First for client connections (#4642)
2023-10-16 07:49:08 -07:00
consumer.go
Fix updating a non unique consumer on workqueue stream not returning an error
2023-10-12 12:18:24 +03:00
core_benchmarks_test.go
Add fan-in/out benchmarks
2023-10-14 00:56:09 -04:00
dirstore_test.go
Fix some lint errors after move to golangci-lint
2022-12-30 20:00:08 +00:00
dirstore.go
resolver: improve signaling for missing account lookups (#4151)
2023-05-14 11:10:25 -07:00
disk_avail_netbsd.go
disk_avail_openbsd.go
disk_avail_wasm.go
disk_avail_windows.go
disk_avail.go
errors_gen.go
errors_test.go
errors.go
Harmonize subject mapping error variable names
2023-06-01 14:15:27 -07:00
errors.json
Consumers inherit limits for max_ack_pending and inactive_threshold from stream
2023-09-01 10:54:11 +01:00
events_test.go
flake: Fixes TestAccountReqMonitoring
2023-09-06 03:43:11 -07:00
events.go
Optimizations to reduce contention for high connections in a JetStream enabled account with high API usage.
2023-09-30 14:52:15 -07:00
filestore_test.go
Fixed a bug that was not correctly selecting next first because it was not skipping dbit entries.
2023-10-12 10:58:37 -07:00
filestore.go
Only mark fs as dirty vs full write on mb compaction.
2023-10-12 12:59:19 -07:00
fuzz.go
gateway_test.go
monitoring: track slow consumers per connection type
2023-08-09 05:57:42 -07:00
gateway.go
Optimizations to reduce contention for high connections in a JetStream enabled account with high API usage.
2023-09-30 14:52:15 -07:00
ipqueue_test.go
RWMutex does not help here and could hurt
2023-04-05 20:26:45 -07:00
ipqueue.go
different panic fixes
2023-06-02 13:19:22 +03:00
jetstream_api.go
Optimize locking for consumer info
2023-10-02 09:22:44 -07:00
jetstream_benchmark_test.go
Refactor cluster creation for JS benchmarks
2023-09-27 09:26:11 -07:00
jetstream_chaos_test.go
Reduce messages in chaos tests
2023-06-09 17:07:53 +01:00
jetstream_cluster_1_test.go
Report the raft group name in stream and consumer info
2023-10-14 12:28:36 +03:00
jetstream_cluster_2_test.go
[FIXED] Account resolver lock inversion
2023-09-25 15:09:11 -06:00
jetstream_cluster_3_test.go
[FIXED] Routes: Pinned Accounts connect/reconnect in some cases
2023-09-28 10:46:32 -06:00
jetstream_cluster.go
Report the raft group name in stream and consumer info
2023-10-14 12:28:36 +03:00
jetstream_consumer_test.go
Fix updating a non unique consumer on workqueue stream not returning an error
2023-10-12 12:18:24 +03:00
jetstream_errors_generated.go
Consumers inherit limits for max_ack_pending and inactive_threshold from stream
2023-09-01 10:54:11 +01:00
jetstream_errors_test.go
jetstream_errors.go
jetstream_events.go
jetstream_helpers_test.go
[FIXED] Account resolver lock inversion
2023-09-25 15:09:11 -06:00
jetstream_jwt_test.go
Merge branch 'main' into dev
2022-12-13 13:08:35 -08:00
jetstream_leafnode_test.go
Move assigned ports out of ephemeral range
2023-07-14 15:08:17 +01:00
jetstream_super_cluster_test.go
Fixes for move test.
2023-09-12 11:38:35 -07:00
jetstream_test.go
Fixed a bug that was not correctly selecting next first because it was not skipping dbit entries.
2023-10-12 10:58:37 -07:00
jetstream.go
Optimizations to reduce contention for high connections in a JetStream enabled account with high API usage.
2023-09-30 14:52:15 -07:00
jwt_test.go
flake: Fixes TestServerOperatorModeUserInfoExpiration
2023-09-13 11:57:53 +02:00
jwt.go
Authentication and Authorization callouts for server configuration mode.
2022-12-28 10:32:45 -08:00
leafnode_test.go
Set S2 writer concurrency to 1
2023-09-25 09:54:54 +01:00
leafnode.go
Make server shutdown an atomic and check inside unsubscribe to avoid unnecessary work.
2023-09-26 17:53:58 -07:00
log_test.go
Add logtime_utc option
2023-07-21 16:56:13 -07:00
log.go
Changes for max log files option (active plus backups); remove redundant lexical sort of backups; adjust test
2023-09-15 22:08:09 -07:00
memstore_test.go
Track deleted with single avl.SeqSet dmap for now vs old method.
2023-08-05 12:32:29 -07:00
memstore.go
Use write lock in memstore.LoadNextMsg
2023-09-17 17:24:53 -07:00
monitor_sort_opts.go
Fix monitoring server connz idle time sorting
2023-09-01 14:32:08 +03:00
monitor_test.go
Allow sync intervals to be set and the ability to have all data writes synchronous.
2023-09-04 11:05:13 -07:00
monitor.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
mqtt_test.go
[FIXED] MQTT PUBREL header incompatibility (#4616)
2023-10-05 08:07:50 -07:00
mqtt.go
Fixed a crash in MQTT outgoing PUBREL
2023-10-10 18:08:18 -07:00
nkey_test.go
Replace rand.Rand with crypto/rand.Read in Go +1.20
2023-09-05 16:57:49 -07:00
nkey.go
Use crypto/rand.Read instead of math/rand.Read
2023-07-13 12:04:58 +01:00
norace_test.go
Set initial min on dmap caused subtle bugs with dmap. Some minor cleanup.
2023-10-06 09:42:09 -07:00
ocsp_peer.go
Remove ocsp debug log on reload
2023-08-30 14:54:30 -07:00
ocsp_responsecache.go
OCSP Peer Feature
2023-08-02 11:25:48 -07:00
ocsp.go
Merge branch 'main' into dev
2023-08-04 10:15:35 -07:00
opts_test.go
Only setup auto no-auth for $G account iff no authorization block was defined.
2023-09-28 13:51:45 -07:00
opts.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
parser_test.go
[ADDED] Multiple routes and ability to have per-account routes
2023-04-03 09:32:25 -06:00
parser.go
ping_test.go
raft_helpers_test.go
Add Raft goroutine labels, tweak logging
2023-09-16 11:15:06 +01:00
raft_test.go
Basic raft tests
2023-04-12 11:48:22 -07:00
raft.go
Fix datarace
2023-10-03 15:35:20 -07:00
rate_counter_test.go
rate_counter.go
README-MQTT.md
[ADDED] README-MQTT.md: MQTT implementation notes
2023-09-04 06:46:16 -07:00
README.md
reload_test.go
Fixes to service imports on reload
2023-08-05 18:21:01 -07:00
reload.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
ring_test.go
ring.go
route.go
[FIXED] Routes: Pinned Accounts connect/reconnect in some cases
2023-09-28 10:46:32 -06:00
routes_test.go
Only setup auto no-auth for $G account iff no authorization block was defined.
2023-09-28 13:51:45 -07:00
sendq.go
Optimize to not allocate converting strings to []byte
2023-04-08 20:46:05 -07:00
server_test.go
Only setup auto no-auth for $G account iff no authorization block was defined.
2023-09-28 13:51:45 -07:00
server.go
[ADDED] TLS: Handshake First for client connections
2023-10-10 09:46:01 -06:00
service_test.go
service_windows_test.go
Fix spelling
2023-01-17 17:40:39 -08:00
service_windows.go
More compact syntax
2022-12-27 09:41:39 +01:00
service.go
signal_test.go
Match --signal PIDs with globular-style expression.
2023-08-07 10:16:05 -07:00
signal_wasm.go
signal_windows.go
signal.go
Match --signal PIDs with globular-style expression.
2023-08-07 10:16:05 -07:00
split_test.go
[ADDED] Multiple routes and ability to have per-account routes
2023-04-03 09:32:25 -06:00
store.go
Detect mal-formed stream state snapshots and return appropriate error
2023-07-30 11:06:06 -07:00
stream.go
Report the raft group name in stream and consumer info
2023-10-14 12:28:36 +03:00
subject_transform_test.go
[ADDED] Support for multi-filter in stream sources (#4276)
2023-08-01 10:50:11 -07:00
subject_transform.go
[ADDED] Support for multi-filter in stream sources (#4276)
2023-08-01 10:50:11 -07:00
sublist_test.go
Fixes to http healthz monitoring response
2023-08-31 16:05:09 -07:00
sublist.go
Don't take sublist write lock in match if sublist cache disabled
2023-09-27 16:33:58 +01:00
test_test.go
Allow more time in TestFileStoreNumPendingLargeNumBlks, improve logging on failure
2023-09-12 11:02:43 +01:00
trust_test.go
Use testing.TempDir() where possible
2022-12-12 13:18:44 -08:00
util_test.go
util.go
[ADDED] Multiple routes and ability to have per-account routes
2023-04-03 09:32:25 -06:00
websocket_test.go
test: update TestWSTLSVerifyClientCert for go1.21
2023-08-09 21:50:46 -07:00
websocket.go
Revert changes to nbPoolPut, force compressor to forget byte buffer
2023-10-04 17:41:36 +01:00

README.md

Tests

Tests that run on Travis have been split into jobs that run in their own VM in parallel. This reduces the overall running time but also is allowing recycling of a job when we get a flapper as opposed to have to recycle the whole test suite.

JetStream Tests

For JetStream tests, we need to observe a naming convention so that no tests are omitted when running on Travis.

The script runTestsOnTravis.sh will run a given job based on the definition found in ".travis.yml".

As for the naming convention:

  • All JetStream tests name should start with TestJetStream
  • Cluster tests should go into jetstream_cluster_test.go and start with TestJetStreamCluster
  • Super-cluster tests should go into jetstream_super_cluster_test.go and start with TestJetStreamSuperCluster

Not following this convention means that some tests may not be executed on Travis.

Reference in New Issue View Git Blame Copy Permalink