[zeromq-dev] ZMTP security

Pieter Hintjens ph at imatix.com
Thu Sep 18 07:32:58 CEST 2014


I just added a test case to test_security_curve where the client tries
to connect to a server socket configured with CURVE, while using a
NULL mechanism. This is what libzmq logs:

    NULL I: client sent invalid NULL handshake (not READY)

And it does reject the connection. So that seems to work properly.
Same thing when I try to use a PLAIN user/password.

-Pieter

On Wed, Sep 17, 2014 at 11:52 PM, Matthew Hawn
<matthewh at donaanacounty.org> wrote:
> I think I might have found a problem with negotiation of the security mechanism. In the current source,   zmq::stream_engine_t::handshake sets up the security mechanism based on the greeting received from the peer, but does not seem to validate that against what was sent to the peer or specified in the socket options.  Am I missing something?
>
> Matt
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev



More information about the zeromq-dev mailing list