nats-server

mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 11:48:43 -07:00

Go to file

Derek Collison 9de5e3e64d OCSP backports and adds (#4362 )

This PR backports the OCSP Peer feature option (as in 2.10 train) and
includes two fixes for the existing OCSP Staple feature.

OCSP Staple: 

1. Fixed and clarified how NATS Server determines its own Issuer CA when
obtaining and validating an OCSP Response for subsequent staple
2. Eliminated problematic assumption that all node peers are issued by
same CA when NATS Server validates ROUTE and GATEWAY peer nodes
3. Added OCSP Response effectivity checks on ROUTE and GATEWAY
peer-presented staple

Note for #3: Allowed host clock skew between node peers set at
30-seconds. If the OCSP Response contains an empty assertion for
NextUpdate, NATS Server will default to 1-hour validity (after
ThisUpdate). It is recommended that CA OCSP Responder should assert
NextUpdate.

2023-08-02 18:10:24 -07:00

.github

Disable auto-closing, increase stale threshold

2023-05-15 09:14:31 -04:00

conf

config: make parsing configurations without usable values invalid

2023-08-01 21:55:09 -07:00

doc

remove ADR files from the server

2021-07-13 10:07:31 +02:00

docker

Fix nsc in nightly

2023-04-17 00:07:01 -07:00

internal

Redact URLs before logging or returning in error (#2643 )

2021-10-27 12:44:59 -04:00

logger

Add logtime_utc option

2023-07-21 16:56:13 -07:00

logos

Updated logo for better aesthetics on dark mode.

2022-10-11 09:56:47 +09:00

scripts

Fix some lint errors after move to golangci-lint

2022-12-30 20:00:08 +00:00

server

OCSP backports and adds (#4362 )

2023-08-02 18:10:24 -07:00

test

Enhance OCSP peer validation for GATEWAY and ROUTE connections. Nodes no longer required to have same CA issuer. OCSP response effectivity now checked using default clock skew and default validity period if not asserted by responder.

2023-08-02 16:09:21 -07:00

util

Small fix to nats-server-hardened.service

2023-02-09 18:53:40 -08:00

.coveralls.yml

Should have been included from the coveralls instructions to know more.

2014-07-25 13:16:58 -07:00

.gitignore

Ignore dist and .vscode

2022-08-03 14:01:55 -07:00

.golangci.yml

Lint warnings on fmt.Print, fmt.Printf, fmt.Println

2023-01-24 16:10:13 +00:00

.goreleaser-nightly.yml

Adjust nightly name if on a branch

2023-06-27 17:00:05 -04:00

.goreleaser.yml

Remove gomod proxy, build by installing package instead

2023-03-28 08:16:33 -07:00

.travis.yml

Undo branch build restrictions, quote go version

2023-07-20 11:17:19 -07:00

CODE-OF-CONDUCT.md

Add CNCF Code of Conduct

2018-03-15 11:38:25 -07:00

dependencies.md

Update dependencies.md

2022-08-16 16:48:00 -06:00

go.mod

Update dependencies

2023-07-23 11:43:51 -07:00

go.sum

Update dependencies

2023-07-23 11:43:51 -07:00

GOVERNANCE.md

Update GOVERNANCE.md

2020-11-10 10:40:28 -06:00

LICENSE

Update license to Apache 2

2018-03-15 22:31:07 -07:00

locksordering.txt

Optimizations for large single hub account leafnode fleets.

2023-05-05 13:14:49 -07:00

main.go

Remove snapshot of cores and maxprocs

2023-03-17 15:09:50 -07:00

MAINTAINERS.md

Update MAINTAINERS.md

2020-06-22 11:10:49 -05:00

README.md

Release v2.9.20

2023-07-13 15:29:30 -04:00

TODO.md

[ADDED] Server sends INFO with cluster URLs to clients with support

2016-07-26 10:55:55 -06:00

README.md

NATS is a simple, secure and performant communications system for digital systems, services and devices. NATS is part of the Cloud Native Computing Foundation (CNCF). NATS has over 40 client language implementations, and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. NATS can secure and simplify design and operation of modern distributed systems.

Documentation

Official Website
Official Documentation
FAQ
Watch a video overview of NATS.
Watch this video from SCALE 13x to learn more about its origin story and design philosophy.

Contact

Twitter: Follow us on Twitter!
Google Groups: Where you can ask questions
Slack: Click here to join. You can ask question to our maintainers and to the rich and active community.

Contributing

If you are interested in contributing to NATS, read about our...

Roadmap

The NATS product roadmap can be found here.

Security

Security Audit

A third party security audit was performed by Cure53, you can see the full report here.

Reporting Security Vulnerabilities

If you've found a vulnerability or a potential vulnerability in the NATS server, please let us know at nats-security.

License

Unless otherwise noted, the NATS source files are distributed under the Apache Version 2.0 license found in the LICENSE file.