apache
diff --git a/‎build-support/start-mim-test-service-inside-container.sh
+2-1 b/‎build-support/start-mim-test-service-inside-container.sh
+2-1
diff --git a/‎build-support/start-test-service-inside-container.sh
+2-1 b/‎build-support/start-test-service-inside-container.sh
+2-1
diff --git a/‎lib/ClientConnection.cc
+2-2 b/‎lib/ClientConnection.cc
+2-2
diff --git a/‎test-conf/broker-cert.pem
+51-83 b/‎test-conf/broker-cert.pem
+51-83
@@ -76,7 +76,8 @@ put tenants/private '{
 put namespaces/private/auth '{
   "auth_policies": {
     "namespace_auth": {
-      "token-principal": ["produce", "consume"]
+      "token-principal": ["produce", "consume"],
+      "chained-client": ["produce", "consume"]
     }
   },
   "replication_clusters": ["standalone"]
 
@@ -134,7 +134,8 @@ put tenants/private '{
 put namespaces/private/auth '{
   "auth_policies": {
     "namespace_auth": {
-      "token-principal": ["produce", "consume"]
+      "token-principal": ["produce", "consume"],
+      "chained-client": ["produce", "consume"]
     }
   },
   "replication_clusters": ["standalone"]
 
@@ -253,11 +253,11 @@ ClientConnection::ClientConnection(const std::string& logicalAddress, const std:
                 throw ResultAuthenticationError;
             }
             ctx.use_private_key_file(tlsPrivateKey, ASIO::ssl::context::pem);
-            ctx.use_certificate_file(tlsCertificates, ASIO::ssl::context::pem);
+            ctx.use_certificate_chain_file(tlsCertificates);
         } else {
             if (file_exists(tlsPrivateKey) && file_exists(tlsCertificates)) {
                 ctx.use_private_key_file(tlsPrivateKey, ASIO::ssl::context::pem);
-                ctx.use_certificate_file(tlsCertificates, ASIO::ssl::context::pem);
+                ctx.use_certificate_chain_file(tlsCertificates);
             }
         }
 
 
@@ -1,16 +1,17 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 4098 (0x1002)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=US, ST=California, L=Palo Alto, O=Apache Software Foundation, OU=Pulsar, CN=Pulsar CA/[email protected]
+        Serial Number:
+            53:f8:da:b4:2b:b3:53:ff:db:96:69:f4:54:4b:8c:94:c9:24:d4:32
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=California, O=Apache Software Foundation, OU=Pulsar, CN=Pulsar CA/[email protected]
         Validity
-            Not Before: Feb 17 17:00:44 2021 GMT
-            Not After : Feb 12 17:00:44 2041 GMT
+            Not Before: Dec 18 06:29:25 2024 GMT
+            Not After : Dec 13 06:29:25 2044 GMT
         Subject: C=US, ST=California, O=Apache Software Foundation, OU=Pulsar, CN=localhost/[email protected]
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
                     00:9b:2a:6f:24:02:23:f7:ff:e6:75:61:ca:07:a8:
                     c0:ab:e9:8d:eb:51:2e:64:f7:9e:9b:d4:b4:be:3a:
@@ -32,86 +33,53 @@ Certificate:
                     5e:cd
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            X509v3 Basic Constraints:
+            X509v3 Basic Constraints: 
                 CA:FALSE
-            Netscape Cert Type:
-                SSL Server
-            Netscape Comment:
-                OpenSSL Generated Server Certificate
-            X509v3 Subject Key Identifier:
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
                 49:3C:B2:98:30:CE:7F:79:7A:C6:8B:57:CA:24:9F:12:82:1E:5D:EF
-            X509v3 Authority Key Identifier:
-                keyid:D2:B2:3D:B1:A4:7C:48:4B:36:E1:A7:DE:D8:FC:BA:92:BA:A7:C4:71
-                DirName:/C=US/ST=California/L=Palo Alto/O=Apache Software Foundation/OU=Pulsar/CN=Pulsar CA/[email protected]
-                serial:52:7B:B4:00:96:60:B4:26:85:BE:01:82:B8:B8:E2:8C:72:EF:5B:90
+            X509v3 Authority Key Identifier: 
+                keyid:9C:66:A6:5E:95:A5:D7:72:6E:11:76:44:43:35:B4:61:FB:70:27:6F
 
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Extended Key Usage:
-                TLS Web Server Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         0f:bd:af:39:0c:2c:dc:8f:7e:06:0d:27:df:35:c7:8d:5a:03:
-         68:97:f6:dc:d6:d3:39:0e:b4:76:48:7d:e1:1c:a9:4b:83:fa:
-         52:00:ab:28:93:2d:06:76:0c:14:35:3c:f1:8e:3b:af:c8:d0:
-         27:1f:58:d4:71:22:5f:05:a6:9e:73:c6:a5:5e:2a:e6:fb:eb:
-         fc:73:52:87:ca:8a:2a:f9:1e:5f:e2:b9:bd:01:27:9f:7c:61:
-         a6:97:ad:a0:ab:4e:fb:cc:fa:c8:77:6a:65:1b:ae:60:5e:fb:
-         97:14:8c:40:d7:96:c6:2c:64:59:c0:52:52:7c:2d:98:4b:f4:
-         72:da:83:f7:c6:4f:32:42:ce:df:02:dd:5f:eb:58:42:f9:62:
-         a1:9a:05:ef:13:48:27:af:a3:7f:23:eb:e0:dc:1d:8f:96:2a:
-         88:47:f7:e4:75:6f:a9:15:f6:44:f1:6d:39:3a:2c:df:a7:82:
-         cc:7e:aa:9c:1c:c0:a7:7d:68:31:4a:4e:21:b8:9f:17:90:4b:
-         f1:68:23:ef:a7:53:fc:a9:a8:35:6b:8f:4c:5e:d4:ea:b0:8a:
-         27:9a:86:89:ce:f2:5d:03:35:80:fc:45:e8:87:66:0f:32:b5:
-         2a:f5:1b:79:0e:09:8b:90:40:20:fb:e3:27:8a:c9:92:c1:53:
-         97:10:5a:8c:50:ef:02:46:7e:ec:68:c8:1e:26:66:0e:1d:d6:
-         6c:82:e7:38:14:e8:cb:45:77:29:5f:2c:1a:9d:d7:54:21:8a:
-         cf:0f:b7:0c:ae:fe:d6:fb:fb:c3:07:3e:33:df:59:25:1c:73:
-         d4:87:73:14:b4:76:16:8a:3f:82:05:7b:42:0a:55:0c:79:24:
-         3c:58:31:3f:e0:3e:9f:4e:d0:0e:fd:77:b7:13:2c:d3:d0:46:
-         cc:80:09:0f:50:56:8b:6e:6e:91:b2:5b:c8:2f:4d:86:dc:72:
-         00:de:08:0d:5e:3e:96:1f:12:7d:3b:0d:4d:71:d5:c8:a8:06:
-         ba:00:23:ec:10:4c:a4:c3:6f:bc:f0:d7:b1:cf:57:3f:3b:79:
-         db:80:87:35:c7:4e:7f:bb:38:30:0a:9f:fe:5a:86:f5:97:ce:
-         24:38:79:fd:a0:dc:0b:82:11:a1:ea:0c:e9:16:65:e0:c0:54:
-         80:ad:6e:55:18:ac:27:35:3a:b0:20:70:62:8e:5d:a2:33:53:
-         8c:ce:f9:ee:a1:27:cb:db:e5:9a:5e:e6:f7:80:93:84:63:04:
-         26:58:ab:23:bb:94:80:d0:a0:55:a2:8a:ed:bc:0f:c3:41:d2:
-         26:a5:b9:8d:8a:45:e8:a1:fc:e8:ee:7a:64:93:ed:d6:ef:a2:
-         51:d7:c9:0a:31:39:35:4a
+         46:44:07:07:74:de:fa:e9:ad:ee:10:87:72:e4:06:81:e7:d9:
+         9c:91:99:9e:fe:b2:fe:29:fc:58:12:38:7d:28:c1:3b:d6:ca:
+         19:dd:06:6c:1e:95:17:58:fa:48:47:62:2b:4f:29:a2:39:3a:
+         90:f4:37:5a:8c:75:4c:60:b3:61:50:94:5a:4d:70:6a:50:62:
+         c8:17:46:38:92:1a:02:4d:71:ad:ab:94:10:a3:91:b1:aa:18:
+         a9:00:88:b7:16:25:3c:aa:59:45:90:49:9a:9c:15:5e:d5:2f:
+         2f:2a:9e:61:77:b8:59:b7:7e:30:c9:8e:89:2a:57:11:84:e2:
+         cd:a6:ba:78:73:05:a0:f0:aa:47:5b:8c:f2:a9:20:c6:f7:50:
+         39:d7:07:bc:ef:7f:04:85:60:1b:c2:5e:53:dc:40:f9:22:f8:
+         78:b6:be:d7:1b:84:51:45:f7:30:6c:15:fd:c4:07:83:cf:89:
+         f0:6f:f9:49:7a:cc:f3:17:00:ef:33:f5:0a:6a:79:75:e5:6f:
+         2e:1f:ad:bf:7e:34:e8:1c:2e:08:de:1e:16:c0:ab:73:69:f9:
+         2e:09:d1:7b:f4:f0:8c:59:b6:82:c3:1a:a3:8c:25:0f:78:bf:
+         0b:b3:87:72:46:36:be:8e:4c:67:4c:ca:49:05:a0:2e:fd:3d:
+         a1:62:d6:01
 -----BEGIN CERTIFICATE-----
-MIIGPDCCBCSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgaYxCzAJBgNVBAYTAlVT
-MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xIzAhBgNV
-BAoMGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMQ8wDQYDVQQLDAZQdWxzYXIx
-EjAQBgNVBAMMCVB1bHNhciBDQTEkMCIGCSqGSIb3DQEJARYVZGV2QHB1bHNhci5h
-cGFjaGUub3JnMB4XDTIxMDIxNzE3MDA0NFoXDTQxMDIxMjE3MDA0NFowgZIxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMSMwIQYDVQQKDBpBcGFjaGUg
-U29mdHdhcmUgRm91bmRhdGlvbjEPMA0GA1UECwwGUHVsc2FyMRIwEAYDVQQDDAls
-b2NhbGhvc3QxJDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBhY2hlLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJsqbyQCI/f/5nVhygeowKvp
-jetRLmT3npvUtL46+vRuxpKPOE0IzYkVPizEmW3LWID84E3WffaCqw2U8uJFydMV
-lVcKbIbceGQ7NEsBfF3eT9QhGl0noKVwei4CUOEZtLkF35kNi8xi3BBz+nKLOH/T
-VlRhULuS/wlxCce9BEM8jJyLMtEFBIrGidh4Vk3aL/TsNDcmtYfkPybJQWC6MRAZ
-vvgMpAqFGVniAF23wL3RLvymNIuFKswF9vvkAOZ0lf8Cb0N/OafCg45bOEDJQsi8
-JnI2NWTCVCIRh+hljz3pQadtGYiaIJuaUufSy7PgLo/BVlS8bRQwc8XXjtBaXs0C
-AwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG
-SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw
-HQYDVR0OBBYEFEk8spgwzn95esaLV8oknxKCHl3vMIHmBgNVHSMEgd4wgduAFNKy
-PbGkfEhLNuGn3tj8upK6p8RxoYGspIGpMIGmMQswCQYDVQQGEwJVUzETMBEGA1UE
-CAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRvMSMwIQYDVQQKDBpBcGFj
-aGUgU29mdHdhcmUgRm91bmRhdGlvbjEPMA0GA1UECwwGUHVsc2FyMRIwEAYDVQQD
-DAlQdWxzYXIgQ0ExJDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBhY2hlLm9y
-Z4IUUnu0AJZgtCaFvgGCuLjijHLvW5AwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM
-MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAPva85DCzcj34GDSffNceN
-WgNol/bc1tM5DrR2SH3hHKlLg/pSAKsoky0GdgwUNTzxjjuvyNAnH1jUcSJfBaae
-c8alXirm++v8c1KHyooq+R5f4rm9ASeffGGml62gq077zPrId2plG65gXvuXFIxA
-15bGLGRZwFJSfC2YS/Ry2oP3xk8yQs7fAt1f61hC+WKhmgXvE0gnr6N/I+vg3B2P
-liqIR/fkdW+pFfZE8W05Oizfp4LMfqqcHMCnfWgxSk4huJ8XkEvxaCPvp1P8qag1
-a49MXtTqsIonmoaJzvJdAzWA/EXoh2YPMrUq9Rt5DgmLkEAg++MnismSwVOXEFqM
-UO8CRn7saMgeJmYOHdZsguc4FOjLRXcpXywanddUIYrPD7cMrv7W+/vDBz4z31kl
-HHPUh3MUtHYWij+CBXtCClUMeSQ8WDE/4D6fTtAO/Xe3EyzT0EbMgAkPUFaLbm6R
-slvIL02G3HIA3ggNXj6WHxJ9Ow1NcdXIqAa6ACPsEEykw2+88Nexz1c/O3nbgIc1
-x05/uzgwCp/+Wob1l84kOHn9oNwLghGh6gzpFmXgwFSArW5VGKwnNTqwIHBijl2i
-M1OMzvnuoSfL2+WaXub3gJOEYwQmWKsju5SA0KBVoortvA/DQdImpbmNikXoofzo
-7npkk+3W76JR18kKMTk1Sg==
+MIIELzCCAxegAwIBAgIUU/jatCuzU//blmn0VEuMlMkk1DIwDQYJKoZIhvcNAQEL
+BQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMSMwIQYDVQQK
+DBpBcGFjaGUgU29mdHdhcmUgRm91bmRhdGlvbjEPMA0GA1UECwwGUHVsc2FyMRIw
+EAYDVQQDDAlQdWxzYXIgQ0ExJDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBh
+Y2hlLm9yZzAeFw0yNDEyMTgwNjI5MjVaFw00NDEyMTMwNjI5MjVaMIGSMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEjMCEGA1UECgwaQXBhY2hlIFNv
+ZnR3YXJlIEZvdW5kYXRpb24xDzANBgNVBAsMBlB1bHNhcjESMBAGA1UEAwwJbG9j
+YWxob3N0MSQwIgYJKoZIhvcNAQkBFhVkZXZAcHVsc2FyLmFwYWNoZS5vcmcwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbKm8kAiP3/+Z1YcoHqMCr6Y3r
+US5k956b1LS+Ovr0bsaSjzhNCM2JFT4sxJlty1iA/OBN1n32gqsNlPLiRcnTFZVX
+CmyG3HhkOzRLAXxd3k/UIRpdJ6ClcHouAlDhGbS5Bd+ZDYvMYtwQc/pyizh/01ZU
+YVC7kv8JcQnHvQRDPIycizLRBQSKxonYeFZN2i/07DQ3JrWH5D8myUFgujEQGb74
+DKQKhRlZ4gBdt8C90S78pjSLhSrMBfb75ADmdJX/Am9DfzmnwoOOWzhAyULIvCZy
+NjVkwlQiEYfoZY896UGnbRmImiCbmlLn0suz4C6PwVZUvG0UMHPF147QWl7NAgMB
+AAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJPLKYMM5/eXrGi1fKJJ8Sgh5d7zAf
+BgNVHSMEGDAWgBScZqZelaXXcm4RdkRDNbRh+3AnbzANBgkqhkiG9w0BAQsFAAOC
+AQEARkQHB3Te+umt7hCHcuQGgefZnJGZnv6y/in8WBI4fSjBO9bKGd0GbB6VF1j6
+SEdiK08pojk6kPQ3Wox1TGCzYVCUWk1walBiyBdGOJIaAk1xrauUEKORsaoYqQCI
+txYlPKpZRZBJmpwVXtUvLyqeYXe4Wbd+MMmOiSpXEYTizaa6eHMFoPCqR1uM8qkg
+xvdQOdcHvO9/BIVgG8JeU9xA+SL4eLa+1xuEUUX3MGwV/cQHg8+J8G/5SXrM8xcA
+7zP1Cmp5deVvLh+tv3406BwuCN4eFsCrc2n5LgnRe/TwjFm2gsMao4wlD3i/C7OH
+ckY2vo5MZ0zKSQWgLv09oWLWAQ==
 -----END CERTIFICATE-----
Original file line number	Diff line number	Diff line change
`@@ -253,11 +253,11 @@ ClientConnection::ClientConnection(const std::string& logicalAddress, const std:`
`253`	`253`	`throw ResultAuthenticationError;`
`254`	`254`	`}`
`255`	`255`	`ctx.use_private_key_file(tlsPrivateKey, ASIO::ssl::context::pem);`
`256`		`- ctx.use_certificate_file(tlsCertificates, ASIO::ssl::context::pem);`
	`256`	`+ ctx.use_certificate_chain_file(tlsCertificates);`
`257`	`257`	`} else {`
`258`	`258`	`if (file_exists(tlsPrivateKey) && file_exists(tlsCertificates)) {`
`259`	`259`	`ctx.use_private_key_file(tlsPrivateKey, ASIO::ssl::context::pem);`
`260`		`- ctx.use_certificate_file(tlsCertificates, ASIO::ssl::context::pem);`
	`260`	`+ ctx.use_certificate_chain_file(tlsCertificates);`
`261`	`261`	`}`
`262`	`262`	`}`
`263`	`263`