[zeromq-dev] Authentication with CURVE doesn't fail

Pieter Hintjens ph at imatix.com
Mon Jan 13 19:04:15 CET 2014


On Mon, Jan 13, 2014 at 3:01 PM, Goswin von Brederlow <goswin-v-b at web.de> wrote:

> 1) How does the client detect a login failure (as opposed to an
>    unreachable, unresponsive, crashing server)?

It's explained in the ZMTP RFC. It's an area we're changing, to avoid
specifically the problem you experienced. An authentication failure
will result in an explicit ERROR reply rather than a disconnect.

> 2) How do I get at the status text from the ZAP reply in the client?

You can't. Providing this would be a leakage of information
potentially useful to crafting an attack.

> 3) Why does ZMQ reconnect on a 400 status code at all? It should mark
>    the connection as bad and fail all further send/recv attempts.

Yes, it should.

> 4) The example from the wiki used PUSH/PULL from server to client and
>    that is what I started from. But what if the server has a PULL or REP
>    socket and gets messages from clients. How do I get at the credentials
>    from the ZAP request or user_id or metadata fields from the ZAP reply
>    on the server?

There's work in progress to provide the credentials to the server for
each message received.

-Pieter
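
An added example, not part of the original message and not libzmq code: the core of a server-side ZAP handler for CURVE, following the ZAP request and reply frame layout (RFC 27), to show where the status code, status text and user id from questions 2 to 4 live. The allow-list, key bytes, user id and function names are constructed for illustration.

```python
# Added example: ZAP (RFC 27) handler core for the CURVE mechanism.
ZAP_VERSION = b"1.0"

# Constructed allow-list: 32-byte CURVE client public key -> user id.
ALLOWED_KEYS = {bytes(range(32)): b"alice"}


def zap_reply(request_id, code, text, user_id=b""):
    # Reply frames: version, request id, status code, status text, user id, metadata.
    # User id and metadata only carry meaning on 200, so they stay empty otherwise.
    return [ZAP_VERSION, request_id, code, text, user_id, b""]


def handle_zap_request(frames, allowed=ALLOWED_KEYS):
    """Return ZAP reply frames for request frames (empty delimiter already stripped)."""
    # Request frames: version, request id, domain, address, identity,
    # mechanism, then zero or more credential frames.
    if len(frames) < 6 or frames[0] != ZAP_VERSION:
        raise ValueError("malformed ZAP request")
    request_id, mechanism, credentials = frames[1], frames[5], frames[6:]
    if mechanism != b"CURVE":
        return zap_reply(request_id, b"400", b"Mechanism not accepted")
    # CURVE carries exactly one credential frame: the client's public key.
    if len(credentials) != 1 or len(credentials[0]) != 32:
        return zap_reply(request_id, b"400", b"Invalid client public key")
    user_id = allowed.get(credentials[0])
    if user_id is None:
        return zap_reply(request_id, b"400", b"Client key not authorised")
    return zap_reply(request_id, b"200", b"OK", user_id)


def peer_outcome(reply):
    """Model of what the connecting peer learns: accepted or not, never the status text."""
    return reply[2] == b"200"


if __name__ == "__main__":
    # Constructed request: known key from a documentation-range address.
    req = [b"1.0", b"1", b"global", b"192.0.2.10", b"", b"CURVE", bytes(range(32))]
    print(handle_zap_request(req))
    print(handle_zap_request(req[:6] + [bytes(32)]))  # unknown key -> 400
```

The status text is useful in the handler's own log; only the accept or reject outcome is meant to reach the peer.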


