[zeromq-dev] stonehouse and ironhouse examples - crypto being ignored in examples?

Turkey Breast turkeybreast at yahoo.com
Fri Mar 7 17:43:42 CET 2014


Relevant output using czmq git (but ZMQ 4.0.3 and libsodium 0.4.5):

$ ./ironhouse
I: DENIED (not in whitelist) address=127.0.0.1
I: DENIED (not in whitelist) address=127.0.0.1

And:

$ ./ironhouse
I: PASSED (whitelist) address=127.0.0.1
I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc- at XetsEc:)O76PQP
I: PASSED (whitelist) address=127.0.0.1
I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc- at XetsEc:)O76PQP

(as expected)





On , Turkey Breast <turkeybreast at yahoo.com> wrote:
Yes it works with czmq master.

I noticed before that the zap handler (inproc://zeromq.zap.01) wasn't being called in the poller but it was working with plain. I thought maybe it was a ZMQ problem, but since it works with git seems to indicate a czmq problem.

Also the HAVE_LIBSODIUM macro wasn't exposed in zsockopt.c so I added #include "platform.h" to get that working, but it still didn't help.

Thanks.






On Friday, March 7, 2014 5:26 PM, Pieter Hintjens <ph at imatix.com> wrote:
I'm using the latest git master.

Changing the zauth_allow() call as you suggest gives me this response:

I: DENIED (not in whitelist) address=127.0.0.1
CURVE I: ZAP handler rejected client authentication
I: DENIED (not in whitelist) address=127.0.0.1
CURVE I: ZAP handler rejected client authentication
I: DENIED (not in whitelist) address=127.0.0.1
...

(with "I: DENIED" trace output from libzmq, and CURVE I: output from CZMQ)

I might prefix the libzmq output to make it clearer.

Next step, I'll try the older packages.

-Pieter


On Fri, Mar 7, 2014 at 3:06 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
> I've installed a brand new Debian wheezy, and installed these packages:
>
> czmq-2.0.3.tar.gz
> libsodium-0.4.5.tar.gz
> zeromq-4.0.3.tar.gz
>
> If I change the zauth_allow() call to a random IP address then the example still passes. Normally I expect it to refuse the connection from localhost since it isn't part of the whitelist:
>
>   zauth_allow (auth, "8.5.3.6");
>
> And in ironhouse2.c if I comment out the line where it saves the client's public key (which is loaded by the server_task), the server still accepts the client connection despite not having the public key!
>
> This is a standard Debian wheezy install from scratch (nothing configured) using all the latest stable packages.
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
_______________________________________________
zeromq-dev mailing list
zeromq-dev at lists.zeromq.org
http://lists.zeromq.org/mailman/listinfo/zeromq-dev




More information about the zeromq-dev mailing list