Here are the logs from the hw example. There"s a log from a successful run with no encryption and a log from a failed run with the curve encryption enabled: https://gist.github.com/robertpi/2424193e35d67bcd0b70
The log messages I added can be seen here: https://github.com/robertpi/libzmq/commit/eda22e7b234d7fc2c7b9957f6a853f80864d390b Looking at the logs it seems the problem maybe in the client. In the plain cases after a successful handshake the client calls into zmq::stream_engine_t::process_handshake_command straight after the hand shake finishes. In the curve case there's no more data in the buffer (the call to tcp_read returns -1) so the zmq::stream_engine_t::in_event exits and no further processing takes place. What data should be returned to the client after a sucesful handshake? Are there any existing examples that work use curve encryption with libzmq directly, not going via czmq? If not I'll try and port my C# code to C that uses libzmq. Thanks, Rob On Fri, Jul 24, 2015, at 04:38 AM, Robert Pickering wrote: > The next thing I tried was porting the code to the hw sample, so see if > the problem was specific to sub/pub or not. The hw sample doesn't work > either, so the problem is not specific to sub/pub as I thought: > https://gist.github.com/robertpi/224d834bc04e42f6cf23 > > I'll try porting the code to the libzmq directly. I also tidy up my > debug logs and publish them. > > Thanks, > Robert > > On Thu, Jul 23, 2015, at 09:41 PM, Arnaud Kapp wrote: > > Hello, > > > > The authentication should happen automatically if the socket has the > > correct option configured (curve server flag, and a private key / > > public key). > > I am not aware of any limitation of the authentication / security code > > when using PUB/SUB. It should work. > > > > I am not familiar enough with C# to know if there is something wrong > > with your code, but it looks ok. > > Are you able to get this to work using the libzmq C API? > > > > On Thu, Jul 23, 2015 at 7:16 PM, Robert Pickering > > <[email protected]> wrote: > > > I've been continuing to look at this today. To investigate further I > > > build my own version of libzmq and added some debug code. What I think I > > > see is the handshake in zmq::stream_engine_t::in_event is successful but > > > in the sub/pub model the client sends no further data so there's nothing > > > to trigger the ZAP handler. Is there anyway to force authentication to > > > take place? Or is curve security just not an option with the sub/pub > > > model? > > > > > > Thanks, > > > Rob > > > > > > On Wed, Jul 22, 2015, at 04:54 PM, Robert Pickering wrote: > > >> I'm trying to implement a ZAP handler in C#. I've updated the patho > > >> sub/pub example to include curve cryptography and tried to add a ZAP > > >> handler in the publisher. Here's a gist of what I have so far: > > >> https://gist.github.com/robertpi/a140eaa62378c14678ad > > >> > > >> Basically in the publisher I bind a REP socket to > > >> inproc://zeromq.zap.01. I then set the ZMQ_CURVE_SERVER and > > >> ZMQ_CURVE_SECRETKEY on the publisher, while on the client I > > >> ZMQ_CURVE_SERVERKEY to be the servers public key, and set it's > > >> ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY to be the clients > > >> public/secret key. > > >> > > >> Before I sent up the curve options the messages follow and the example > > >> works just fine. After I set the curve options the messages stop > > >> following. I was expecting my ZAP handling method to be called, so I > > >> could respond with with whether the client is valid or not, but it seem > > >> the ZAP handler never receives a message. > > >> > > >> I feel I'm missing some simple step to enable the ZAP handler. Do I need > > >> to send messages to inproc://zeromq.zap.01 to enable the ZAP handler? I > > >> see some examples set a verbosity option and an IP filter, are these > > >> messages that need to be sent to inproc://zeromq.zap.01? Or are they > > >> values that need to be set somewhere else? > > >> > > >> Many thanks for any help! > > >> > > >> Rob > > >> > > >> -- > > >> Robert Pickering > > >> [email protected] > > >> _______________________________________________ > > >> zeromq-dev mailing list > > >> [email protected] > > >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > _______________________________________________ > > > zeromq-dev mailing list > > > [email protected] > > > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > > > > > -- > > Kapp Arnaud - Xaqq > > _______________________________________________ > > zeromq-dev mailing list > > [email protected] > > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
