You are testing this with CZMQ git master?
On Fri, Mar 7, 2014 at 6:43 PM, Turkey Breast <turkeybre...@yahoo.com> wrote:
> There's still a problem with ironhouse2 (the other examples work).
>
> genjix@debian7:~/czmq/examples/security$ ./ironhouse
> I: PASSED (whitelist) address=127.0.0.1
> I: ALLOWED (CURVE) client_key=wfvY}{1?v*S#DP7+n2}L:?!rWfY@L*GprRr>?Ig7
> Ironhouse test OK
> genjix@debian7:~/czmq/examples/security$ ./ironhouse2
> Ironhouse test OK
>
> ironhouse2 is ignoring the auth settings still.
>
>
>
>
>
> On , Turkey Breast <turkeybre...@yahoo.com> wrote:
> OK, I'll test the new release once it's ready.
>
>
>
>
>
>
> On Friday, March 7, 2014 6:20 PM, Pieter Hintjens <p...@imatix.com> wrote:
> OK... that took a little longer than I expected to hunt down.
>
> There is a not small error in the current CZMQ stable release. zauth.c
> and zsockopt.c do not include platform.h, yet test HAVE_LIBSODIUM for
> CURVE conditional code. As a result, no encryption is enabled in that
> stable release, period.
>
> Easy to patch: add
>
> include "platform.h"
>
> to zsockopt.c and zauth.c
>
> Better, take GitHub master. I'll make a new stable release for CZMQ asap.
>
> Thanks for point me to this error.
>
> -Pieter
>
>
> On Fri, Mar 7, 2014 at 5:43 PM, Turkey Breast <turkeybre...@yahoo.com> wrote:
>> Relevant output using czmq git (but ZMQ 4.0.3 and libsodium 0.4.5):
>>
>> $ ./ironhouse
>> I: DENIED (not in whitelist) address=127.0.0.1
>> I: DENIED (not in whitelist) address=127.0.0.1
>>
>> And:
>>
>> $ ./ironhouse
>> I: PASSED (whitelist) address=127.0.0.1
>> I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc-@XetsEc:)O76PQP
>> I: PASSED (whitelist) address=127.0.0.1
>> I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc-@XetsEc:)O76PQP
>>
>> (as expected)
>>
>>
>>
>>
>>
>> On , Turkey Breast <turkeybre...@yahoo.com> wrote:
>> Yes it works with czmq master.
>>
>> I noticed before that the zap handler (inproc://zeromq.zap.01) wasn't being
>> called in the poller but it was working with plain. I thought maybe it was a
>> ZMQ problem, but since it works with git seems to indicate a czmq problem.
>>
>> Also the HAVE_LIBSODIUM macro wasn't exposed in zsockopt.c so I added
>> #include "platform.h" to get that working, but it still didn't help.
>>
>> Thanks.
>>
>>
>>
>>
>>
>>
>> On Friday, March 7, 2014 5:26 PM, Pieter Hintjens <p...@imatix.com> wrote:
>> I'm using the latest git master.
>>
>> Changing the zauth_allow() call as you suggest gives me this response:
>>
>> I: DENIED (not in whitelist) address=127.0.0.1
>> CURVE I: ZAP handler rejected client authentication
>> I: DENIED (not in whitelist) address=127.0.0.1
>> CURVE I: ZAP handler rejected client authentication
>> I: DENIED (not in whitelist) address=127.0.0.1
>> ...
>>
>> (with "I: DENIED" trace output from libzmq, and CURVE I: output from CZMQ)
>>
>> I might prefix the libzmq output to make it clearer.
>>
>> Next step, I'll try the older packages.
>>
>> -Pieter
>>
>>
>> On Fri, Mar 7, 2014 at 3:06 PM, Turkey Breast <turkeybre...@yahoo.com> wrote:
>>> I've installed a brand new Debian wheezy, and installed these packages:
>>>
>>> czmq-2.0.3.tar.gz
>>> libsodium-0.4.5.tar.gz
>>> zeromq-4.0.3.tar.gz
>>>
>>> If I change the zauth_allow() call to a random IP address then the example
>>> still passes. Normally I expect it to refuse the connection from localhost
>>> since it isn't part of the whitelist:
>>>
>>> zauth_allow (auth, "8.5.3.6");
>>>
>>> And in ironhouse2.c if I comment out the line where it saves the client's
>>> public key (which is loaded by the server_task), the server still accepts
>>> the client connection despite not having the public key!
>>>
>>> This is a standard Debian wheezy install from scratch (nothing configured)
>>> using all the latest stable packages.
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> zeromq-dev@lists.zeromq.org
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev@lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev@lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
_______________________________________________
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
