This is known behavior; the server currently doesn't return an error when there's an authentication failure, and the client will retry endlessly. We've upgraded ZMTP to handle this but it's not yet implemented in the code.
On Mon, Apr 28, 2014 at 2:38 PM, Steve Murphy <[email protected]> wrote: > > On Apr 28, 2014 2:57 AM, "Goswin von Brederlow" <[email protected]> wrote: >> >> On Sun, Apr 20, 2014 at 01:41:23PM -0600, Steve Murphy wrote: >> > Hello-- >> > >> > I have a case here on ROUTER / tcp >> > based sockets (actually, the type doesn't matter), >> > where if the curve client has a bad/wrong >> > file for the server public key, then I'd hope >> > that what happens in zeromq-4.0.4 is a bug! >> > >> > Looking at the exchange via wireshark, >> > I see a CURVE message sent and returned, >> > and then a HELLO message is sent. If the server >> > public key is correct, we would normally get >> > a WELCOME message. >> > >> > But, when it's the wrong key, I a FIN packets >> > sent instead of a WELCOME, and then, the whole >> > exchange repeats over and over quite rapidly. >> > After the server responds with a FIN packet, >> > the client ACKs that, and then the server ACKs >> > that. Then the client sends a SYN, and the server >> > ACKs that, and the client ACKs that. (I assume this is >> > typical tcp behavior.). Then the client sends >> > a message and the server responds. Then the client >> > sends a CURVE, and the server responds, and then >> > the HELLO again. This process is repeated over and >> > over. There is no error message generated by either >> > the client or server, even tho both have zauth verbose >> > set. >> > >> > I've looked over the code, and it's a bit questionable >> > to me exactly where to put the ZAUTH error message, >> > as this code is buried down in the libzmq layer. >> > But, I think it would only be proper to generate a >> > descriptive Error message, and let everyone know that >> > there's a bad key in the pot, and NOT generate a lot of >> > useless traffic. >> > >> > It is easy to reproduce. Just take the >> > ironhouse client, and pass a bad key in the the call to >> > zsocket_set_curve_serverkey(). Use wireshark to watch >> > the fireworks. All the action is in >> > zmq::curve_server_t::process_hello and >> > zmq::curve_server_t::process_handshake_command. >> > >> > murf >> >> Have you tried the latest git? >> >> MfG >> Goswin >> > > Yes, I did. > > > _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
