OK, I'll test the new release once it's ready.
On Friday, March 7, 2014 6:20 PM, Pieter Hintjens <p...@imatix.com> wrote: OK... that took a little longer than I expected to hunt down. There is a not small error in the current CZMQ stable release. zauth.c and zsockopt.c do not include platform.h, yet test HAVE_LIBSODIUM for CURVE conditional code. As a result, no encryption is enabled in that stable release, period. Easy to patch: add include "platform.h" to zsockopt.c and zauth.c Better, take GitHub master. I'll make a new stable release for CZMQ asap. Thanks for point me to this error. -Pieter On Fri, Mar 7, 2014 at 5:43 PM, Turkey Breast <turkeybre...@yahoo.com> wrote: > Relevant output using czmq git (but ZMQ 4.0.3 and libsodium 0.4.5): > > $ ./ironhouse > I: DENIED (not in whitelist) address=127.0.0.1 > I: DENIED (not in whitelist) address=127.0.0.1 > > And: > > $ ./ironhouse > I: PASSED (whitelist) address=127.0.0.1 > I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc-@XetsEc:)O76PQP > I: PASSED (whitelist) address=127.0.0.1 > I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc-@XetsEc:)O76PQP > > (as expected) > > > > > > On , Turkey Breast <turkeybre...@yahoo.com> wrote: > Yes it works with czmq master. > > I noticed before that the zap handler (inproc://zeromq.zap.01) wasn't being > called in the poller but it was working with plain. I thought maybe it was a > ZMQ problem, but since it works with git seems to indicate a czmq problem. > > Also the HAVE_LIBSODIUM macro wasn't exposed in zsockopt.c so I added > #include "platform.h" to get that working, but it still didn't help. > > Thanks. > > > > > > > On Friday, March 7, 2014 5:26 PM, Pieter Hintjens <p...@imatix.com> wrote: > I'm using the latest git master. > > Changing the zauth_allow() call as you suggest gives me this response: > > I: DENIED (not in whitelist) address=127.0.0.1 > CURVE I: ZAP handler rejected client authentication > I: DENIED (not in whitelist) address=127.0.0.1 > CURVE I: ZAP handler rejected client authentication > I: DENIED (not in whitelist) address=127.0.0.1 > ... > > (with "I: DENIED" trace output from libzmq, and CURVE I: output from CZMQ) > > I might prefix the libzmq output to make it clearer. > > Next step, I'll try the older packages. > > -Pieter > > > On Fri, Mar 7, 2014 at 3:06 PM, Turkey Breast <turkeybre...@yahoo.com> wrote: >> I've installed a brand new Debian wheezy, and installed these packages: >> >> czmq-2.0.3.tar.gz >> libsodium-0.4.5.tar.gz >> zeromq-4.0.3.tar.gz >> >> If I change the zauth_allow() call to a random IP address then the example >> still passes. Normally I expect it to refuse the connection from localhost >> since it isn't part of the whitelist: >> >> zauth_allow (auth, "8.5.3.6"); >> >> And in ironhouse2.c if I comment out the line where it saves the client's >> public key (which is loaded by the server_task), the server still accepts >> the client connection despite not having the public key! >> >> This is a standard Debian wheezy install from scratch (nothing configured) >> using all the latest stable packages. >> _______________________________________________ >> zeromq-dev mailing list >> zeromq-dev@lists.zeromq.org >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ > zeromq-dev mailing list > zeromq-dev@lists.zeromq.org > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > _______________________________________________ > zeromq-dev mailing list > zeromq-dev@lists.zeromq.org > http://lists.zeromq.org/mailman/listinfo/zeromq-dev _______________________________________________ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev
