[zeromq-dev] stonehouse and ironhouse examples - crypto being ignored in examples?
Turkey Breast
turkeybreast at yahoo.com
Fri Mar 7 18:35:25 CET 2014
OK, I'll test the new release once it's ready.
On Friday, March 7, 2014 6:20 PM, Pieter Hintjens <ph at imatix.com> wrote:
OK... that took a little longer than I expected to hunt down.
There is a not small error in the current CZMQ stable release. zauth.c
and zsockopt.c do not include platform.h, yet test HAVE_LIBSODIUM for
CURVE conditional code. As a result, no encryption is enabled in that
stable release, period.
Easy to patch: add
include "platform.h"
to zsockopt.c and zauth.c
Better, take GitHub master. I'll make a new stable release for CZMQ asap.
Thanks for point me to this error.
-Pieter
On Fri, Mar 7, 2014 at 5:43 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
> Relevant output using czmq git (but ZMQ 4.0.3 and libsodium 0.4.5):
>
> $ ./ironhouse
> I: DENIED (not in whitelist) address=127.0.0.1
> I: DENIED (not in whitelist) address=127.0.0.1
>
> And:
>
> $ ./ironhouse
> I: PASSED (whitelist) address=127.0.0.1
> I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc- at XetsEc:)O76PQP
> I: PASSED (whitelist) address=127.0.0.1
> I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc- at XetsEc:)O76PQP
>
> (as expected)
>
>
>
>
>
> On , Turkey Breast <turkeybreast at yahoo.com> wrote:
> Yes it works with czmq master.
>
> I noticed before that the zap handler (inproc://zeromq.zap.01) wasn't being called in the poller but it was working with plain. I thought maybe it was a ZMQ problem, but since it works with git seems to indicate a czmq problem.
>
> Also the HAVE_LIBSODIUM macro wasn't exposed in zsockopt.c so I added #include "platform.h" to get that working, but it still didn't help.
>
> Thanks.
>
>
>
>
>
>
> On Friday, March 7, 2014 5:26 PM, Pieter Hintjens <ph at imatix.com> wrote:
> I'm using the latest git master.
>
> Changing the zauth_allow() call as you suggest gives me this response:
>
> I: DENIED (not in whitelist) address=127.0.0.1
> CURVE I: ZAP handler rejected client authentication
> I: DENIED (not in whitelist) address=127.0.0.1
> CURVE I: ZAP handler rejected client authentication
> I: DENIED (not in whitelist) address=127.0.0.1
> ...
>
> (with "I: DENIED" trace output from libzmq, and CURVE I: output from CZMQ)
>
> I might prefix the libzmq output to make it clearer.
>
> Next step, I'll try the older packages.
>
> -Pieter
>
>
> On Fri, Mar 7, 2014 at 3:06 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
>> I've installed a brand new Debian wheezy, and installed these packages:
>>
>> czmq-2.0.3.tar.gz
>> libsodium-0.4.5.tar.gz
>> zeromq-4.0.3.tar.gz
>>
>> If I change the zauth_allow() call to a random IP address then the example still passes. Normally I expect it to refuse the connection from localhost since it isn't part of the whitelist:
>>
>> zauth_allow (auth, "8.5.3.6");
>>
>> And in ironhouse2.c if I comment out the line where it saves the client's public key (which is loaded by the server_task), the server still accepts the client connection despite not having the public key!
>>
>> This is a standard Debian wheezy install from scratch (nothing configured) using all the latest stable packages.
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
More information about the zeromq-dev
mailing list