On Apr 28, 2014 2:57 AM, "Goswin von Brederlow" <[email protected]> wrote: > > On Sun, Apr 20, 2014 at 01:41:23PM -0600, Steve Murphy wrote: > > Hello-- > > > > I have a case here on ROUTER / tcp > > based sockets (actually, the type doesn't matter), > > where if the curve client has a bad/wrong > > file for the server public key, then I'd hope > > that what happens in zeromq-4.0.4 is a bug! > > > > Looking at the exchange via wireshark, > > I see a CURVE message sent and returned, > > and then a HELLO message is sent. If the server > > public key is correct, we would normally get > > a WELCOME message. > > > > But, when it's the wrong key, I a FIN packets > > sent instead of a WELCOME, and then, the whole > > exchange repeats over and over quite rapidly. > > After the server responds with a FIN packet, > > the client ACKs that, and then the server ACKs > > that. Then the client sends a SYN, and the server > > ACKs that, and the client ACKs that. (I assume this is > > typical tcp behavior.). Then the client sends > > a message and the server responds. Then the client > > sends a CURVE, and the server responds, and then > > the HELLO again. This process is repeated over and > > over. There is no error message generated by either > > the client or server, even tho both have zauth verbose > > set. > > > > I've looked over the code, and it's a bit questionable > > to me exactly where to put the ZAUTH error message, > > as this code is buried down in the libzmq layer. > > But, I think it would only be proper to generate a > > descriptive Error message, and let everyone know that > > there's a bad key in the pot, and NOT generate a lot of > > useless traffic. > > > > It is easy to reproduce. Just take the > > ironhouse client, and pass a bad key in the the call to > > zsocket_set_curve_serverkey(). Use wireshark to watch > > the fireworks. All the action is in > > zmq::curve_server_t::process_hello and > > zmq::curve_server_t::process_handshake_command. > > > > murf > > Have you tried the latest git? > > MfG > Goswin >
Yes, I did. _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
