On 5 October 2016 at 16:15, Mark Gillott <[email protected]> wrote: > On Wed, 2016-10-05 at 14:56 +0100, Luca Boccassi wrote: >> zauth and zcert can work with any socket and are the correct choice. >> Curvezmq was a proof of concept (and made to bring auth for the legacy >> libraries) and should not be used with libzmq/czmq as there's built in >> support. >> > > OK so authentication/encryption needs to be (separately) applied to > every socket. And if some other part of the system springs up a socket > between client & server for its own use, it has to remember to build in > the zauth/zcert calls. > > Mark
Yes, it's a socket option, see the zauth self test for an example: https://github.com/zeromq/czmq/blob/master/src/zauth.c#L661 zauth is set up first and then it can be used to (optionally) set up domain white/black listing with zap, and the socket options are set on each socket >> On 5 October 2016 at 09:27, Mark Gillott <[email protected]> wrote: >> > Suppose we have a server and one or more client applications that >> > communicate using a number of 0MQ sockets; a ROUTER-DEALER, a PUB-SUB >> > and a REP-REQ. >> > >> > Is it possible to use CurveZMQ to secure all of these connections? Using >> > the various zactor, zcert & zsock_set_curve functions I can secure the >> > ROUTER-DEALER connections. But what about the other two? >> > >> > What I really want is to be able to do is secure the lower layer >> > transport such that *any* 0MQ socket between client & server is always >> > secure. From the curvezmq.org page: >> > >> > To secure a single hop between client and server, which is the >> > CurveCP use case. For this use case we would embed CurveZMQ in >> > the transport layer so that it can work for all patterns >> > (publish-subscribe, pipeline, and so on). >> > >> > Yet I can't find any example. The examples I've seen secure a single >> > socket. Have I misunderstood? Can I build a CurveZMQ-based "pipe" over >> > which other 0MQ sockets can operate? >> > >> > Thanks, >> > >> > Mark >> > _______________________________________________ >> > zeromq-dev mailing list >> > [email protected] >> > https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.zeromq.org_mailman_listinfo_zeromq-2Ddev&d=DQIGaQ&c=IL_XqQWOjubgfqINi2jTzg&r=jvQi-CKjLvh8eMz9WSgpXPemqlgP9vG7H0zwS3acfHk&m=gOqAiEHvYlTrTLGnWRWdFSR9dHwNTwB_wmYvb_WDKxM&s=oBgMsrha1azZ7qDvJEl-ki-0QCyO_C1hOC4Q-tDf5Q0&e= >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.zeromq.org_mailman_listinfo_zeromq-2Ddev&d=DQIGaQ&c=IL_XqQWOjubgfqINi2jTzg&r=jvQi-CKjLvh8eMz9WSgpXPemqlgP9vG7H0zwS3acfHk&m=gOqAiEHvYlTrTLGnWRWdFSR9dHwNTwB_wmYvb_WDKxM&s=oBgMsrha1azZ7qDvJEl-ki-0QCyO_C1hOC4Q-tDf5Q0&e= > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
