RubyGems - ffi-nats-core - Versions diffs - 0.3.0 → 0.3.1 - Mend

ffi-nats-core 0.3.0 → 0.3.1

Files changed (86) hide show

checksums.yaml +4 -4
data/ffi-nats-core.gemspec +8 -0
data/lib/ffi/nats/core/version.rb +1 -1
data/vendor/cnats/CMakeLists.txt +137 -0
data/vendor/cnats/adapters/libevent.h +220 -0
data/vendor/cnats/adapters/libuv.h +472 -0
data/vendor/cnats/examples/CMakeLists.txt +56 -0
data/vendor/cnats/examples/asynctimeout.c +83 -0
data/vendor/cnats/examples/examples.h +322 -0
data/vendor/cnats/examples/libevent-pub.c +136 -0
data/vendor/cnats/examples/libevent-sub.c +104 -0
data/vendor/cnats/examples/libuv-pub.c +120 -0
data/vendor/cnats/examples/libuv-sub.c +114 -0
data/vendor/cnats/examples/publisher.c +62 -0
data/vendor/cnats/examples/queuegroup.c +132 -0
data/vendor/cnats/examples/replier.c +149 -0
data/vendor/cnats/examples/requestor.c +75 -0
data/vendor/cnats/examples/subscriber.c +133 -0
data/vendor/cnats/src/CMakeLists.txt +31 -0
data/vendor/cnats/src/asynccb.c +66 -0
data/vendor/cnats/src/asynccb.h +42 -0
data/vendor/cnats/src/buf.c +246 -0
data/vendor/cnats/src/buf.h +116 -0
data/vendor/cnats/src/comsock.c +474 -0
data/vendor/cnats/src/comsock.h +81 -0
data/vendor/cnats/src/conn.c +2725 -0
data/vendor/cnats/src/conn.h +75 -0
data/vendor/cnats/src/err.h +31 -0
data/vendor/cnats/src/gc.h +27 -0
data/vendor/cnats/src/hash.c +725 -0
data/vendor/cnats/src/hash.h +141 -0
data/vendor/cnats/src/include/n-unix.h +56 -0
data/vendor/cnats/src/include/n-win.h +59 -0
data/vendor/cnats/src/mem.h +20 -0
data/vendor/cnats/src/msg.c +155 -0
data/vendor/cnats/src/msg.h +43 -0
data/vendor/cnats/src/nats.c +1734 -0
data/vendor/cnats/src/nats.h +2024 -0
data/vendor/cnats/src/natsp.h +518 -0
data/vendor/cnats/src/natstime.c +79 -0
data/vendor/cnats/src/natstime.h +27 -0
data/vendor/cnats/src/nuid.c +265 -0
data/vendor/cnats/src/nuid.h +21 -0
data/vendor/cnats/src/opts.c +1030 -0
data/vendor/cnats/src/opts.h +19 -0
data/vendor/cnats/src/parser.c +869 -0
data/vendor/cnats/src/parser.h +87 -0
data/vendor/cnats/src/pub.c +293 -0
data/vendor/cnats/src/srvpool.c +380 -0
data/vendor/cnats/src/srvpool.h +71 -0
data/vendor/cnats/src/stats.c +54 -0
data/vendor/cnats/src/stats.h +21 -0
data/vendor/cnats/src/status.c +60 -0
data/vendor/cnats/src/status.h +95 -0
data/vendor/cnats/src/sub.c +956 -0
data/vendor/cnats/src/sub.h +34 -0
data/vendor/cnats/src/timer.c +86 -0
data/vendor/cnats/src/timer.h +57 -0
data/vendor/cnats/src/unix/cond.c +103 -0
data/vendor/cnats/src/unix/mutex.c +107 -0
data/vendor/cnats/src/unix/sock.c +105 -0
data/vendor/cnats/src/unix/thread.c +162 -0
data/vendor/cnats/src/url.c +134 -0
data/vendor/cnats/src/url.h +24 -0
data/vendor/cnats/src/util.c +823 -0
data/vendor/cnats/src/util.h +75 -0
data/vendor/cnats/src/version.h +29 -0
data/vendor/cnats/src/version.h.in +29 -0
data/vendor/cnats/src/win/cond.c +86 -0
data/vendor/cnats/src/win/mutex.c +54 -0
data/vendor/cnats/src/win/sock.c +158 -0
data/vendor/cnats/src/win/strings.c +108 -0
data/vendor/cnats/src/win/thread.c +180 -0
data/vendor/cnats/test/CMakeLists.txt +35 -0
data/vendor/cnats/test/certs/ca.pem +38 -0
data/vendor/cnats/test/certs/client-cert.pem +30 -0
data/vendor/cnats/test/certs/client-key.pem +51 -0
data/vendor/cnats/test/certs/server-cert.pem +31 -0
data/vendor/cnats/test/certs/server-key.pem +51 -0
data/vendor/cnats/test/dylib/CMakeLists.txt +10 -0
data/vendor/cnats/test/dylib/nonats.c +13 -0
data/vendor/cnats/test/list.txt +125 -0
data/vendor/cnats/test/test.c +11655 -0
data/vendor/cnats/test/tls.conf +15 -0
data/vendor/cnats/test/tlsverify.conf +19 -0
metadata +83 -1

@@ -0,0 +1,79 @@
+// Copyright 2015 Apcera Inc. All rights reserved.
+#include "natsp.h"
+#ifdef _WIN32
+#include <sys/timeb.h>
+#endif
+#include <time.h>
+int64_t
+nats_Now(void)
+{
+#ifdef _WIN32
+    struct _timeb now;
+    _ftime_s(&now);
+    return (((int64_t)now.time) * 1000 + now.millitm);
+#elif defined CLOCK_MONOTONIC
+    struct timespec ts;
+    if (clock_gettime(CLOCK_REALTIME, &ts) != 0)
+        abort();
+    return ((int64_t)ts.tv_sec) * 1000 + (((int64_t)ts.tv_nsec) / 1000000);
+#else
+    struct timeval tv;
+    if (gettimeofday(&tv, NULL) != 0)
+        abort();
+    return ((int64_t)tv.tv_sec) * 1000 + (((int64_t)tv.tv_usec) / 1000);
+#endif
+}
+int64_t
+nats_NowInNanoSeconds(void)
+{
+#ifdef _WIN32
+    struct _timeb now;
+    _ftime_s(&now);
+    return (((int64_t)now.time) * 1000 + now.millitm) * 1000000L;
+#elif defined CLOCK_MONOTONIC
+    struct timespec ts;
+    if (clock_gettime(CLOCK_REALTIME, &ts) != 0)
+        abort();
+    return ((int64_t)ts.tv_sec) * 1000000000L + ((int64_t)ts.tv_nsec);
+#else
+    struct timeval tv;
+    if (gettimeofday(&tv, NULL) != 0)
+        abort();
+    return ((int64_t)tv.tv_sec) * 1000000000L + (((int64_t)tv.tv_usec) * 1000);
+#endif
+}
+void
+natsDeadline_Init(natsDeadline *deadline, int64_t timeout)
+{
+    deadline->active          = true;
+    deadline->absoluteTime    = nats_Now() + timeout;
+    deadline->timeout.tv_sec  = (long) timeout / 1000;
+    deadline->timeout.tv_usec = (timeout % 1000) * 1000;
+}
+void
+natsDeadline_Clear(natsDeadline *deadline)
+{
+    deadline->active = false;
+}
+struct timeval*
+natsDeadline_GetTimeout(natsDeadline *deadline)
+{
+    int64_t timeout;
+    if (!(deadline->active))
+        return NULL;
+    timeout = deadline->absoluteTime - nats_Now();
+    deadline->timeout.tv_sec  = (long) (timeout / 1000);
+    deadline->timeout.tv_usec = (timeout % 1000) * 1000;
+    return &(deadline->timeout);
+}

data/vendor/cnats/src/natstime.h ADDED

@@ -0,0 +1,27 @@
+// Copyright 2015 Apcera Inc. All rights reserved.
+#ifndef NATSTIME_H_
+#define NATSTIME_H_
+#include "natsp.h"
+typedef struct __natsDeadline
+{
+    int64_t             absoluteTime;
+    struct timeval      timeout;
+    bool                active;
+} natsDeadline;
+void
+natsDeadline_Init(natsDeadline *deadline, int64_t timeout);
+struct timeval*
+natsDeadline_GetTimeout(natsDeadline *deadline);
+void
+natsDeadline_Clear(natsDeadline *deadline);
+#endif /* NATSTIME_H_ */

data/vendor/cnats/src/nuid.c ADDED

@@ -0,0 +1,265 @@
+// Copyright 2016 Apcera Inc. All rights reserved.
+#include "natsp.h"
+// From https://en.wikipedia.org/wiki/Multiply-with-carry
+// CMWC working parts
+#define CMWC_CYCLE 4096         // as Marsaglia recommends
+#define CMWC_C_MAX 809430660    // as Marsaglia recommends
+static uint32_t Q[CMWC_CYCLE];
+static uint32_t carry = 362436;     // must be limited with CMWC_C_MAX (we will reinit it with seed)
+// Make 32 bit random number (some systems use 16 bit RAND_MAX)
+static uint32_t
+_rand32(void)
+{
+    uint32_t result = 0;
+    result = rand();
+    result <<= 16;
+    result |= rand();
+    return result;
+}
+// Init all engine parts with seed
+static void
+_initCMWC(unsigned int seed)
+{
+    int i;
+    for (i = 0; i < CMWC_CYCLE; i++)
+        Q[i] = _rand32();
+    do
+    {
+        carry = _rand32();
+    }
+    while (carry >= CMWC_C_MAX);
+}
+// CMWC engine
+static uint32_t
+_randCMWC(void)
+{
+    static uint32_t i = CMWC_CYCLE - 1;
+    uint64_t t = 0;
+    uint64_t a = 18782;         // as Marsaglia recommends
+    uint32_t r = 0xfffffffe;    // as Marsaglia recommends
+    uint32_t x = 0;
+    i = (i + 1) & (CMWC_CYCLE - 1);
+    t = a * Q[i] + carry;
+    carry = t >> 32;
+    x = (uint32_t) (t + carry);
+    if (x < carry)
+    {
+        x++;
+        carry++;
+    }
+    return (Q[i] = r - x);
+}
+static int64_t
+_rand64(int64_t maxValue)
+{
+    int64_t v;
+    v  = ((int64_t) _randCMWC() << 32);
+    v |= (int64_t) _randCMWC();
+    if (v < 0)
+        v = v * -1;
+    v = v % maxValue;
+    return v;
+}
+// A unique identifier generator that is high performance, very fast, and entropy pool friendly.
+//
+// NUID needs to be very fast to generate and truly unique, all while being entropy pool friendly.
+// We will use 12 bytes of crypto generated data (entropy draining), and 10 bytes of sequential data
+// that is started at a pseudo random number and increments with a pseudo-random increment.
+// Total is 22 bytes of base 36 ascii text :)
+#define NUID_PRE_LEN (12)
+#define NUID_SEQ_LEN (10)
+static const char       *digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const int        base    = 36;
+static const int64_t    maxPre  = 4738381338321616896L;
+static const int64_t    maxSeq  = 3656158440062976L;
+static const int64_t    minInc  = 33L;
+static const int64_t    maxInc  = 333L;
+static const int        totalLen= NUID_PRE_LEN + NUID_SEQ_LEN;
+typedef struct natsNUID
+{
+    char    pre[NUID_PRE_LEN];
+    int64_t seq;
+    int64_t inc;
+} natsNUID;
+typedef struct natsLockedNUID
+{
+    natsMutex   *mu;
+    natsNUID    nuid;
+} natsLockedNUID;
+// Global NUID
+static natsLockedNUID   globalNUID;
+static natsStatus
+_nextLong(int64_t *next, bool useCrypto, int64_t maxValue)
+{
+    natsStatus s = NATS_OK;
+    if (maxValue <= 0)
+        return nats_setError(NATS_INVALID_ARG,
+                             "Invalid argument for nextLong: %" PRId64 "",
+                             maxValue);
+#if defined(NATS_HAS_TLS)
+    if (useCrypto)
+    {
+        int64_t r = 0;
+        RAND_bytes((unsigned char*) &r, sizeof(int64_t));
+        if (r < 0)
+            r = r * -1;
+        *next = r;
+    }
+    else
+#endif
+        *next = _rand64(maxValue);
+    return s;
+}
+// Resets the sequential portion of the NUID.
+static natsStatus
+_resetSequential(natsNUID *nuid)
+{
+    natsStatus s;
+    s = _nextLong(&(nuid->seq), false, maxSeq);
+    if (s == NATS_OK)
+        s = _nextLong(&(nuid->inc), false, maxInc - minInc);
+    if (s == NATS_OK)
+        nuid->inc += minInc;
+    return NATS_UPDATE_ERR_STACK(s);
+}
+// Generate a new prefix from crypto rand.
+// This will drain entropy and will be called automatically when we exhaust the sequential
+static natsStatus
+_randomizePrefix(natsNUID *nuid)
+{
+    natsStatus  s;
+    int64_t     r = 0;
+    s = _nextLong(&r, true, maxPre);
+    if (s == NATS_OK)
+    {
+        int64_t l;
+        int     i = NUID_PRE_LEN;
+        for (l = r; i > 0; l /= base)
+        {
+            i--;
+            nuid->pre[i] = digits[(int) (l % base)];
+        }
+    }
+    return NATS_UPDATE_ERR_STACK(s);
+}
+void
+natsNUID_free(void)
+{
+    natsMutex_Destroy(globalNUID.mu);
+    globalNUID.mu = NULL;
+}
+// Seed sequential random with math/random and current time and generate crypto prefix.
+natsStatus
+natsNUID_init(void)
+{
+    natsStatus      s;
+    unsigned int    seed = (unsigned int) nats_NowInNanoSeconds();
+    memset(&globalNUID, 0, sizeof(natsNUID));
+    srand(seed);
+    _initCMWC(seed);
+    s = natsMutex_Create(&(globalNUID.mu));
+    if (s == NATS_OK)
+        s = _resetSequential(&(globalNUID.nuid));
+    if (s == NATS_OK)
+        s = _randomizePrefix(&(globalNUID.nuid));
+    if (s != NATS_OK)
+        natsNUID_free();
+    return NATS_UPDATE_ERR_STACK(s);
+}
+// Generate the next NUID string.
+static natsStatus
+_nextNUID(natsNUID *nuid, char *buffer, int bufferLen)
+{
+    natsStatus s = NATS_OK;
+    // Check bufferLen is big enough
+    if (bufferLen <= totalLen)
+        return NATS_INSUFFICIENT_BUFFER;
+    // Increment and capture.
+    nuid->seq += nuid->inc;
+    if (nuid->seq >= maxSeq)
+    {
+        s = _randomizePrefix(nuid);
+        if (s == NATS_OK)
+            s = _resetSequential(nuid);
+    }
+    if (s == NATS_OK)
+    {
+        int64_t l;
+        int     i;
+        // Copy prefix
+        memcpy(buffer, nuid->pre, NUID_PRE_LEN);
+        // copy in the seq in base36.
+        l = nuid->seq;
+        for (i = totalLen; i > NUID_PRE_LEN; l /= base)
+        {
+            i--;
+            buffer[i] = digits[(int) (l % base)];
+        }
+        buffer[totalLen] = '\0';
+    }
+    return NATS_UPDATE_ERR_STACK(s);
+}
+// Generate the next NUID string from the global locked NUID instance.
+natsStatus
+natsNUID_Next(char *buffer, int bufferLen)
+{
+    natsStatus s;
+    natsMutex_Lock(globalNUID.mu);
+    s = _nextNUID(&(globalNUID.nuid), buffer, bufferLen);
+    natsMutex_Unlock(globalNUID.mu);
+    return NATS_UPDATE_ERR_STACK(s);
+}

data/vendor/cnats/src/nuid.h ADDED

@@ -0,0 +1,21 @@
+// Copyright 2016 Apcera Inc. All rights reserved.
+#ifndef NUID_H_
+#define NUID_H_
+#include "status.h"
+#define NUID_BUFFER_LEN (12 + 10)
+// Seed sequential random with math/random and current time and generate crypto prefix.
+natsStatus
+natsNUID_init(void);
+// Generate the next NUID string from the global locked NUID instance.
+natsStatus
+natsNUID_Next(char *buffer, int bufferLen);
+void
+natsNUID_free(void);
+#endif /* NUID_H_ */

data/vendor/cnats/src/opts.c ADDED

@@ -0,0 +1,1030 @@
+// Copyright 2015 Apcera Inc. All rights reserved.
+#include "natsp.h"
+#include <string.h>
+#include "mem.h"
+#include "opts.h"
+#define LOCK_AND_CHECK_OPTIONS(o, c) \
+    if (((o) == NULL) || ((c))) \
+        return nats_setDefaultError(NATS_INVALID_ARG); \
+    natsMutex_Lock((o)->mu);
+#define UNLOCK_OPTS(o) natsMutex_Unlock((o)->mu)
+natsStatus
+natsOptions_SetURL(natsOptions *opts, const char* url)
+{
+    natsStatus s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    if (opts->url != NULL)
+    {
+        NATS_FREE(opts->url);
+        opts->url = NULL;
+    }
+    if (url != NULL)
+    {
+        opts->url = NATS_STRDUP(url);
+        if (opts->url == NULL)
+            s = nats_setDefaultError(NATS_NO_MEMORY);
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+static void
+_freeServers(natsOptions *opts)
+{
+    int i;
+    if ((opts->servers == NULL) || (opts->serversCount == 0))
+        return;
+    for (i = 0; i < opts->serversCount; i++)
+        NATS_FREE(opts->servers[i]);
+    NATS_FREE(opts->servers);
+    opts->servers       = NULL;
+    opts->serversCount  = 0;
+}
+natsStatus
+natsOptions_SetServers(natsOptions *opts, const char** servers, int serversCount)
+{
+    natsStatus  s = NATS_OK;
+    int         i;
+    LOCK_AND_CHECK_OPTIONS(opts,
+                           (((servers != NULL) && (serversCount <= 0))
+                            || ((servers == NULL) && (serversCount != 0))));
+    _freeServers(opts);
+    if (servers != NULL)
+    {
+        opts->servers = (char**) NATS_CALLOC(serversCount, sizeof(char*));
+        if (opts->servers == NULL)
+            s = nats_setDefaultError(NATS_NO_MEMORY);
+        for (i = 0; (s == NATS_OK) && (i < serversCount); i++)
+        {
+            opts->servers[i] = (char*) NATS_STRDUP(servers[i]);
+            if (opts->servers[i] == NULL)
+                s = nats_setDefaultError(NATS_NO_MEMORY);
+            else
+                opts->serversCount++;
+        }
+    }
+    if (s != NATS_OK)
+        _freeServers(opts);
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SetNoRandomize(natsOptions *opts, bool noRandomize)
+{
+    natsStatus  s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->noRandomize = noRandomize;
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SetTimeout(natsOptions *opts, int64_t timeout)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, (timeout < 0));
+    opts->timeout = timeout;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetName(natsOptions *opts, const char *name)
+{
+    natsStatus  s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    NATS_FREE(opts->name);
+    opts->name = NULL;
+    if (name != NULL)
+    {
+        opts->name = NATS_STRDUP(name);
+        if (opts->name == NULL)
+            s = nats_setDefaultError(NATS_NO_MEMORY);
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SetUserInfo(natsOptions *opts, const char *user, const char *password)
+{
+    natsStatus  s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    NATS_FREE(opts->user);
+    opts->user= NULL;
+    NATS_FREE(opts->password);
+    opts->password = NULL;
+    if (user != NULL)
+    {
+        opts->user = NATS_STRDUP(user);
+        if (opts->user== NULL)
+            s = nats_setDefaultError(NATS_NO_MEMORY);
+    }
+    if ((s == NATS_OK) && (password != NULL))
+    {
+        opts->password = NATS_STRDUP(password);
+        if (opts->password == NULL)
+            s = nats_setDefaultError(NATS_NO_MEMORY);
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SetToken(natsOptions *opts, const char *token)
+{
+    natsStatus  s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    NATS_FREE(opts->token);
+    opts->token= NULL;
+    if (token != NULL)
+    {
+        opts->token = NATS_STRDUP(token);
+        if (opts->token == NULL)
+            s = nats_setDefaultError(NATS_NO_MEMORY);
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+static void
+natsSSLCtx_release(natsSSLCtx *ctx)
+{
+    int refs;
+    if (ctx == NULL)
+        return;
+    natsMutex_Lock(ctx->lock);
+    refs = --(ctx->refs);
+    natsMutex_Unlock(ctx->lock);
+    if (refs == 0)
+    {
+        NATS_FREE(ctx->expectedHostname);
+        SSL_CTX_free(ctx->ctx);
+        natsMutex_Destroy(ctx->lock);
+        NATS_FREE(ctx);
+    }
+}
+static natsSSLCtx*
+natsSSLCtx_retain(natsSSLCtx *ctx)
+{
+    natsMutex_Lock(ctx->lock);
+    ctx->refs++;
+    natsMutex_Unlock(ctx->lock);
+    return ctx;
+}
+#if defined(NATS_HAS_TLS)
+// See section RFC 6125 Sections 2.4 and 3.1
+static bool
+_hostnameMatches(char *expr, char *string)
+{
+    int i, j;
+    for (i = 0, j = 0; i < (int) strlen(expr); i++)
+    {
+        if (expr[i] == '*')
+        {
+            if (string[j] == '.')
+                return 0;
+            while (string[j] != '.')
+                j++;
+        }
+        else if (expr[i] != string[j])
+        {
+            return false;
+        }
+        else
+            j++;
+    }
+    return (j == (int) strlen(string));
+}
+// Does this hostname match an entry in the subjectAltName extension?
+// returns: 0 if no, 1 if yes, -1 if no subjectAltName entries were found.
+static int
+_hostnameMatchesSubjectAltName(char *hostname, X509 *cert)
+{
+    bool                    foundAnyEntry = false;
+    bool                    foundMatch = false;
+    GENERAL_NAME            *namePart = NULL;
+    STACK_OF(GENERAL_NAME)  *san;
+    san = (STACK_OF(GENERAL_NAME)*) X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+    while (sk_GENERAL_NAME_num(san) > 0)
+    {
+        namePart = sk_GENERAL_NAME_pop(san);
+        if (namePart->type == GEN_DNS)
+        {
+            foundAnyEntry = true;
+            foundMatch = _hostnameMatches((char*) ASN1_STRING_data(namePart->d.uniformResourceIdentifier),
+                                           hostname);
+        }
+        GENERAL_NAME_free(namePart);
+        if (foundMatch)
+            break;
+    }
+    GENERAL_NAMES_free(san);
+    if (foundMatch)
+        return 1;
+    return (foundAnyEntry ? 0 : -1);
+}
+static bool
+_hostnameMatchesSubjectCN(char *hostname, X509 *cert)
+{
+    X509_NAME       *name;
+    X509_NAME_ENTRY *name_entry;
+    char            *certname;
+    int             position;
+    name = X509_get_subject_name(cert);
+    position = -1;
+    while (1)
+    {
+        position = X509_NAME_get_index_by_NID(name, NID_commonName, position);
+        if (position == -1)
+            break;
+        name_entry = X509_NAME_get_entry(name, position);
+        certname = (char*) X509_NAME_ENTRY_get_data(name_entry)->data;
+        if (_hostnameMatches(certname, hostname))
+            return true;
+    }
+    return false;
+}
+static int
+_hostnameMatchesCertificate(char *hostname, X509 *cert)
+{
+    int san_result = _hostnameMatchesSubjectAltName(hostname, cert);
+    if (san_result > -1)
+        return san_result;
+    return _hostnameMatchesSubjectCN(hostname, cert);
+}
+static int
+_verifyCb(int preverifyOk, X509_STORE_CTX* ctx)
+{
+    char            buf[256];
+    SSL             *ssl  = NULL;
+    X509            *cert = X509_STORE_CTX_get_current_cert(ctx);
+    int             depth = X509_STORE_CTX_get_error_depth(ctx);
+    int             err   = X509_STORE_CTX_get_error(ctx);
+    natsConnection  *nc   = NULL;
+    // Retrieve the SSL object, then our connection...
+    ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    nc = (natsConnection*) SSL_get_ex_data(ssl, 0);
+    // Should we skip serve certificate verification?
+    if (nc->opts->sslCtx->skipVerify)
+        return 1;
+    // If the depth is greater than the limit (when not set, the limit is
+    // 100), then report as an error.
+    if (depth > 100)
+    {
+        preverifyOk = 0;
+        err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        X509_STORE_CTX_set_error(ctx, err);
+    }
+    if (!preverifyOk)
+    {
+        X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
+        snprintf(nc->errStr, sizeof(nc->errStr), "%d:%s:depth=%d:%s",
+                 err, X509_verify_cert_error_string(err),
+                 depth, buf);
+    }
+    if (!preverifyOk && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+    {
+        X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
+        snprintf(nc->errStr, sizeof(nc->errStr), "issuer=%s", buf);
+    }
+    if (preverifyOk
+        && (depth == 0) // Verify hostname only for the server certificate.
+        && (natsSSLCtx_getExpectedHostname(nc->opts->sslCtx) != NULL))
+    {
+        if (!_hostnameMatchesCertificate(
+                natsSSLCtx_getExpectedHostname(nc->opts->sslCtx), cert))
+        {
+            snprintf(nc->errStr, sizeof(nc->errStr),
+                     "Did not get expected hostname '%s'",
+                     natsSSLCtx_getExpectedHostname(nc->opts->sslCtx));
+            preverifyOk = 0;
+        }
+    }
+    return preverifyOk;
+}
+static natsStatus
+_createSSLCtx(natsSSLCtx **newCtx)
+{
+    natsStatus  s    = NATS_OK;
+    natsSSLCtx  *ctx = NULL;
+    ctx = (natsSSLCtx*) NATS_CALLOC(1, sizeof(natsSSLCtx));
+    if (ctx == NULL)
+        s = nats_setDefaultError(NATS_NO_MEMORY);
+    if (s == NATS_OK)
+    {
+        ctx->refs = 1;
+        s = natsMutex_Create(&(ctx->lock));
+    }
+    if (s == NATS_OK)
+    {
+#if defined(NATS_USE_TLS_CLIENT_METHOD)
+        ctx->ctx = SSL_CTX_new(TLS_client_method());
+#else
+        ctx->ctx = SSL_CTX_new(TLSv1_2_client_method());
+#endif
+        if (ctx->ctx == NULL)
+            s = nats_setError(NATS_SSL_ERROR,
+                              "Unable to create SSL context: %s",
+                              NATS_SSL_ERR_REASON_STRING);
+    }
+    if (s == NATS_OK)
+    {
+        (void) SSL_CTX_set_mode(ctx->ctx, SSL_MODE_AUTO_RETRY);
+        SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2);
+        SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv3);
+        // Set to SSL_VERIFY_NONE so that we can get more error trace in
+        // the verifyCb that is then used in conn.c's makeTLSConn function.
+        SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_NONE, _verifyCb);
+        *newCtx = ctx;
+    }
+    else if (ctx != NULL)
+    {
+        natsSSLCtx_release(ctx);
+    }
+    return NATS_UPDATE_ERR_STACK(s);
+}
+static natsStatus
+_getSSLCtx(natsOptions *opts)
+{
+    natsStatus s;
+    s = nats_sslInit();
+    if ((s == NATS_OK) && (opts->sslCtx != NULL))
+    {
+        bool createNew = false;
+        natsMutex_Lock(opts->sslCtx->lock);
+        // If this context is retained by a cloned natsOptions, we need to
+        // release it and create a new context.
+        if (opts->sslCtx->refs > 1)
+            createNew = true;
+        natsMutex_Unlock(opts->sslCtx->lock);
+        if (createNew)
+        {
+            natsSSLCtx_release(opts->sslCtx);
+            opts->sslCtx = NULL;
+        }
+        else
+        {
+            // We can use this ssl context.
+            return NATS_OK;
+        }
+    }
+    if (s == NATS_OK)
+        s = _createSSLCtx(&(opts->sslCtx));
+    return NATS_UPDATE_ERR_STACK(s);
+}
+natsStatus
+natsOptions_SetSecure(natsOptions *opts, bool secure)
+{
+    natsStatus s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    if (!secure && (opts->sslCtx != NULL))
+    {
+        natsSSLCtx_release(opts->sslCtx);
+        opts->sslCtx = NULL;
+    }
+    else if (secure && (opts->sslCtx == NULL))
+    {
+        s = _getSSLCtx(opts);
+    }
+    if (s == NATS_OK)
+        opts->secure = secure;
+    UNLOCK_OPTS(opts);
+    return NATS_UPDATE_ERR_STACK(s);
+}
+natsStatus
+natsOptions_LoadCATrustedCertificates(natsOptions *opts, const char *fileName)
+{
+    natsStatus s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, ((fileName == NULL) || (fileName[0] == '\0')));
+    s = _getSSLCtx(opts);
+    if (s == NATS_OK)
+    {
+        nats_sslRegisterThreadForCleanup();
+        if (SSL_CTX_load_verify_locations(opts->sslCtx->ctx, fileName, NULL) != 1)
+        {
+            s = nats_setError(NATS_SSL_ERROR,
+                              "Error loading trusted certificates '%s': %s",
+                              fileName,
+                              NATS_SSL_ERR_REASON_STRING);
+        }
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_LoadCertificatesChain(natsOptions *opts,
+                                  const char *certFileName,
+                                  const char *keyFileName)
+{
+    natsStatus s = NATS_OK;
+    if ((certFileName == NULL) || (certFileName[0] == '\0')
+        || (keyFileName == NULL) || (keyFileName[0] == '\0'))
+    {
+        return nats_setError(NATS_INVALID_ARG, "%s",
+                             "certificate and key file names can't be NULL nor empty");
+    }
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    s = _getSSLCtx(opts);
+    if (s == NATS_OK)
+    {
+        nats_sslRegisterThreadForCleanup();
+        if (SSL_CTX_use_certificate_chain_file(opts->sslCtx->ctx, certFileName) != 1)
+        {
+            s = nats_setError(NATS_SSL_ERROR,
+                              "Error loading certificate chain '%s': %s",
+                              certFileName,
+                              NATS_SSL_ERR_REASON_STRING);
+        }
+    }
+    if (s == NATS_OK)
+    {
+        if (SSL_CTX_use_PrivateKey_file(opts->sslCtx->ctx, keyFileName, SSL_FILETYPE_PEM) != 1)
+        {
+            s = nats_setError(NATS_SSL_ERROR,
+                              "Error loading private key '%s': %s",
+                              keyFileName,
+                              NATS_SSL_ERR_REASON_STRING);
+        }
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SetCiphers(natsOptions *opts, const char *ciphers)
+{
+    natsStatus s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, ((ciphers == NULL) || (ciphers[0] == '\0')));
+    s = _getSSLCtx(opts);
+    if (s == NATS_OK)
+    {
+        nats_sslRegisterThreadForCleanup();
+        if (SSL_CTX_set_cipher_list(opts->sslCtx->ctx, ciphers) != 1)
+        {
+            s = nats_setError(NATS_SSL_ERROR,
+                              "Error setting ciphers '%s': %s",
+                              ciphers,
+                              NATS_SSL_ERR_REASON_STRING);
+        }
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SetExpectedHostname(natsOptions *opts, const char *hostname)
+{
+    natsStatus s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, ((hostname == NULL) || (hostname[0] == '\0')));
+    s = _getSSLCtx(opts);
+    if (s == NATS_OK)
+    {
+        NATS_FREE(opts->sslCtx->expectedHostname);
+        opts->sslCtx->expectedHostname = NULL;
+        if (hostname != NULL)
+        {
+            opts->sslCtx->expectedHostname = NATS_STRDUP(hostname);
+            if (opts->sslCtx->expectedHostname == NULL)
+            {
+                s = nats_setDefaultError(NATS_NO_MEMORY);
+            }
+        }
+    }
+    UNLOCK_OPTS(opts);
+    return s;
+}
+natsStatus
+natsOptions_SkipServerVerification(natsOptions *opts, bool skip)
+{
+    natsStatus s = NATS_OK;
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    s = _getSSLCtx(opts);
+    if (s == NATS_OK)
+        opts->sslCtx->skipVerify = skip;
+    UNLOCK_OPTS(opts);
+    return s;
+}
+#else
+natsStatus
+natsOptions_SetSecure(natsOptions *opts, bool secure)
+{
+    return nats_setError(NATS_ILLEGAL_STATE, "%s", NO_SSL_ERR);
+}
+natsStatus
+natsOptions_LoadCATrustedCertificates(natsOptions *opts, const char *fileName)
+{
+    return nats_setError(NATS_ILLEGAL_STATE, "%s", NO_SSL_ERR);
+}
+natsStatus
+natsOptions_LoadCertificatesChain(natsOptions *opts,
+                                  const char *certFileName,
+                                  const char *keyFileName)
+{
+    return nats_setError(NATS_ILLEGAL_STATE, "%s", NO_SSL_ERR);
+}
+natsStatus
+natsOptions_SetCiphers(natsOptions *opts, const char *ciphers)
+{
+    return nats_setError(NATS_ILLEGAL_STATE, "%s", NO_SSL_ERR);
+}
+natsStatus
+natsOptions_SetExpectedHostname(natsOptions *opts, const char *hostname)
+{
+    return nats_setError(NATS_ILLEGAL_STATE, "%s", NO_SSL_ERR);
+}
+natsStatus
+natsOptions_SkipServerVerification(natsOptions *opts, bool skip)
+{
+    return nats_setError(NATS_ILLEGAL_STATE, "%s", NO_SSL_ERR);
+}
+#endif
+natsStatus
+natsOptions_SetVerbose(natsOptions *opts, bool verbose)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->verbose = verbose;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetPedantic(natsOptions *opts, bool pedantic)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->pedantic = pedantic;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetPingInterval(natsOptions *opts, int64_t interval)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->pingInterval = interval;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetMaxPingsOut(natsOptions *opts, int maxPignsOut)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->maxPingsOut = maxPignsOut;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetAllowReconnect(natsOptions *opts, bool allow)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->allowReconnect = allow;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetMaxReconnect(natsOptions *opts, int maxReconnect)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->maxReconnect = maxReconnect;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetReconnectWait(natsOptions *opts, int64_t reconnectWait)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, (reconnectWait < 0));
+    opts->reconnectWait = reconnectWait;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetReconnectBufSize(natsOptions *opts, int reconnectBufSize)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, (reconnectBufSize < 0));
+    opts->reconnectBufSize = reconnectBufSize;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetMaxPendingMsgs(natsOptions *opts, int maxPending)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, (maxPending <= 0));
+    opts->maxPendingMsgs = maxPending;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetErrorHandler(natsOptions *opts, natsErrHandler errHandler,
+                            void *closure)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->asyncErrCb = errHandler;
+    opts->asyncErrCbClosure = closure;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetClosedCB(natsOptions *opts, natsConnectionHandler closedCb,
+                        void *closure)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->closedCb = closedCb;
+    opts->closedCbClosure = closure;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetDisconnectedCB(natsOptions *opts,
+                              natsConnectionHandler disconnectedCb,
+                              void *closure)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->disconnectedCb = disconnectedCb;
+    opts->disconnectedCbClosure = closure;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetReconnectedCB(natsOptions *opts,
+                             natsConnectionHandler reconnectedCb,
+                             void *closure)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    opts->reconnectedCb = reconnectedCb;
+    opts->reconnectedCbClosure = closure;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_SetEventLoop(natsOptions *opts,
+                         void *loop,
+                         natsEvLoop_Attach          attachCb,
+                         natsEvLoop_ReadAddRemove   readCb,
+                         natsEvLoop_WriteAddRemove  writeCb,
+                         natsEvLoop_Detach          detachCb)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, (loop == NULL)
+                                 || (attachCb == NULL)
+                                 || (readCb == NULL)
+                                 || (writeCb == NULL)
+                                 || (detachCb == NULL));
+    opts->evLoop        = loop;
+    opts->evCbs.attach  = attachCb;
+    opts->evCbs.read    = readCb;
+    opts->evCbs.write   = writeCb;
+    opts->evCbs.detach  = detachCb;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_UseGlobalMessageDelivery(natsOptions *opts, bool global)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, 0);
+    // Sets if the subscriptions created from the connection will
+    // create their own delivery thread or use the one(s) from
+    // the library.
+    opts->libMsgDelivery = global;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+natsStatus
+natsOptions_IPResolutionOrder(natsOptions *opts, int order)
+{
+    LOCK_AND_CHECK_OPTIONS(opts, ((order != 0)
+                                    && (order != 4)
+                                    && (order != 6)
+                                    && (order != 46)
+                                    && (order != 64)));
+    opts->orderIP = order;
+    UNLOCK_OPTS(opts);
+    return NATS_OK;
+}
+static void
+_freeOptions(natsOptions *opts)
+{
+    if (opts == NULL)
+        return;
+    NATS_FREE(opts->url);
+    NATS_FREE(opts->name);
+    _freeServers(opts);
+    NATS_FREE(opts->user);
+    NATS_FREE(opts->password);
+    NATS_FREE(opts->token);
+    natsMutex_Destroy(opts->mu);
+    natsSSLCtx_release(opts->sslCtx);
+    NATS_FREE(opts);
+}
+natsStatus
+natsOptions_Create(natsOptions **newOpts)
+{
+    natsStatus  s;
+    natsOptions *opts = NULL;
+    // Ensure the library is loaded
+    s = nats_Open(-1);
+    if (s != NATS_OK)
+        return s;
+    opts = (natsOptions*) NATS_CALLOC(1, sizeof(natsOptions));
+    if (opts == NULL)
+        return nats_setDefaultError(NATS_NO_MEMORY);
+    if (natsMutex_Create(&(opts->mu)) != NATS_OK)
+    {
+        NATS_FREE(opts);
+        return NATS_UPDATE_ERR_STACK(NATS_NO_MEMORY);
+    }
+    opts->allowReconnect = true;
+    opts->secure         = false;
+    opts->maxReconnect   = NATS_OPTS_DEFAULT_MAX_RECONNECT;
+    opts->reconnectWait  = NATS_OPTS_DEFAULT_RECONNECT_WAIT;
+    opts->pingInterval   = NATS_OPTS_DEFAULT_PING_INTERVAL;
+    opts->maxPingsOut    = NATS_OPTS_DEFAULT_MAX_PING_OUT;
+    opts->maxPendingMsgs = NATS_OPTS_DEFAULT_MAX_PENDING_MSGS;
+    opts->timeout        = NATS_OPTS_DEFAULT_TIMEOUT;
+    opts->libMsgDelivery = natsLib_isLibHandlingMsgDeliveryByDefault();
+    *newOpts = opts;
+    return NATS_OK;
+}
+natsOptions*
+natsOptions_clone(natsOptions *opts)
+{
+    natsStatus  s       = NATS_OK;
+    natsOptions *cloned = NULL;
+    int         muSize;
+    if ((s = natsOptions_Create(&cloned)) != NATS_OK)
+    {
+        NATS_UPDATE_ERR_STACK(s);
+        return NULL;
+    }
+    natsMutex_Lock(opts->mu);
+    muSize = sizeof(cloned->mu);
+    // Make a blind copy first...
+    memcpy((char*)cloned + muSize, (char*)opts + muSize,
+           sizeof(natsOptions) - muSize);
+    // Then remove all pointers, so that if we fail while
+    // strduping them, and free the cloned, we don't free the strings
+    // from the original.
+    cloned->name    = NULL;
+    cloned->servers = NULL;
+    cloned->url     = NULL;
+    cloned->sslCtx  = NULL;
+    cloned->user    = NULL;
+    cloned->password= NULL;
+    cloned->token   = NULL;
+    // Also, set the number of servers count to 0, until we update
+    // it (if necessary) when calling SetServers.
+    cloned->serversCount = 0;
+    if (opts->name != NULL)
+        s = natsOptions_SetName(cloned, opts->name);
+    if ((s == NATS_OK) && (opts->url != NULL))
+        s = natsOptions_SetURL(cloned, opts->url);
+    if ((s == NATS_OK) && (opts->servers != NULL))
+        s = natsOptions_SetServers(cloned,
+                                   (const char**)opts->servers,
+                                   opts->serversCount);
+    if ((s == NATS_OK) && (opts->user != NULL))
+        s = natsOptions_SetUserInfo(cloned, opts->user, opts->password);
+    if ((s == NATS_OK) && (opts->token != NULL))
+        s = natsOptions_SetToken(cloned, opts->token);
+    if ((s == NATS_OK) && (opts->sslCtx != NULL))
+        cloned->sslCtx = natsSSLCtx_retain(opts->sslCtx);
+    if (s != NATS_OK)
+    {
+        _freeOptions(cloned);
+        cloned = NULL;
+        NATS_UPDATE_ERR_STACK(s);
+    }
+    natsMutex_Unlock(opts->mu);
+    return cloned;
+}
+void
+natsOptions_Destroy(natsOptions *opts)
+{
+    if (opts == NULL)
+        return;
+    _freeOptions(opts);
+}