Hello! I'm building the second version of a open source differential GPS sharing software (pylongps.com). I've run into a bit of a snag though.
Does anyone know of a good way to get the key associated with a CURVE router connection? ZAP authentication can check if a key is on the whitelist, but it doesn't appear to provide more than a go/no go. I need to be able to check the key associated with a specific ROUTER connection so that I can limit what the owner of a particular connection key can do (people with one key can't pretend to be someone else). My original idea was to use the ZMQ_IDENTITY field to set the connection ID to a superset of the connection key, then just have the ZAP handler verify the connection ID contained the key at the beginning. Further ID processing would then be done via the connection ID at the router socket. However, the ZMQ_IDENTITY set does not show up in the ZAP messages, so this isn't possible. Further reading of the mailing list indicates that the ZMQ_IDENTITY isn't suppose to propagate like that anyway. The brute force solution would be to force a authentication exchange using a signing key and a nonce at the router (router sends nonce, client signs or encrypts it and sends it back). Thats basically doing a whole handshake on top of the ZMQ_CURVE protocol, which seems rather overkill. Does anyone know of a better approach? Thanks, Charlie West
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
