- 30 Dec, 2016 2 commits
-
-
Vincent Tellier authored
- Moved new events in draft section + added to zmq_draft.h - Removed the remainning tabs - Reverted the hard error (back to soft error) in curve_server.cpp => The feature doesn't works anymore
-
Vincent Tellier authored
Added two new monitoring events: - ZMQ_EVENT_HANDSHAKE_SUCCEED is raised once the encryption handshake succeed - ZMQ_EVENT_HANDSHAKE_FAILED is raised when it failed Both events are raised on server and client side.
-
- 14 May, 2016 1 commit
-
-
evoskuil authored
-
- 29 Mar, 2016 1 commit
-
-
Nikolay Edigaryev authored
libsodium calls abort() when /dev/urandom can't be found even if one creates ZeroMQ context before calling chroot()[1]. This happens because crypto gets initialized on handshake, and at that moment the process is already chroot'ed. Solution: initialize cryptographic libraries in ctx randombytes_close() is already there in the destructor. [1] https://download.libsodium.org/doc/usage/index.html
-
- 01 Mar, 2016 1 commit
-
-
Pieter Hintjens authored
Libsodium has started returning -1 in some cases. Solution: allow and handle error returns from these calls. Fixes #1831
-
- 18 Feb, 2016 1 commit
-
-
Osiris authored
Solution: Phase I - make precompiled.hpp be first file included in every source file
-
- 11 Feb, 2016 2 commits
-
-
Pieter Hintjens authored
- they have no copyright / license statement - they are in some randomish directory structure - they are a mix of postable and non-portable files - they do not conform to conditional compile environment Overall, it makes it rather more work than needed, in build scripts. Solution: clean up tweetnacl sauce. - merged code into single tweetnacl.c and .h - standard copyright header, DJB to AUTHORS - moved into src/ along with all other source files - all system and conditional compilation hidden in these files - thus, they can be compiled and packaged in all cases - ZMQ_USE_TWEETNACL is set when we're using built-in tweetnacl - HAVE_LIBSODIUM is set when we're using external libsodium
-
Pieter Hintjens authored
It's unclear which we need and in the source code, conditional code treats tweetnacl as a subclass of libsodium, which is inaccurate. Solution: redesign the configure/cmake API for this: * tweetnacl is present by default and cannot be enabled * libsodium can be enabled using --with-libsodium, which replaces the built-in tweetnacl * CURVE encryption can be disabled entirely using --enable-curve=no The macros we define in platform.hpp are: ZMQ_HAVE_CURVE 1 // When CURVE is enabled HAVE_LIBSODIUM 1 // When we are using libsodium HAVE_TWEETNACL 1 // When we're using tweetnacl (default) As of this patch, the default build of libzmq always has CURVE security, and always uses tweetnacl.
-
- 28 Jan, 2016 1 commit
-
-
Constantin Rack authored
Solution: update to 2016
-
- 24 Jun, 2015 1 commit
-
-
Jonathan Reams authored
This commit adds ZMTP connection heartbeats described in http://rfc.zeromq.org/spec:37/ZMTP.
-
- 02 Jun, 2015 1 commit
-
-
Pieter Hintjens authored
Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
-
- 22 Jan, 2015 1 commit
-
-
Pieter Hintjens authored
Solution: update for 2015 Fixes #1320
-
- 08 Nov, 2014 1 commit
-
-
Constantin Rack authored
There are two todo comments in curve_client.cpp and curve_server.cpp that suggest checking the return code of sodium_init() call. sodium_init() returns -1 on error, 0 on success and 1 if it has been called before and is already initalized: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/sodium/core.c
-
- 20 Sep, 2014 1 commit
-
-
Matthew Hawn authored
Solution: ensure message short nonces are strictly increasing and validate them
-
- 16 May, 2014 1 commit
-
-
Martin Hurton authored
-
- 08 May, 2014 4 commits
- 06 May, 2014 1 commit
-
-
Martin Hurton authored
-
- 02 May, 2014 1 commit
-
-
Pieter Hintjens authored
- also prioritize ZAP metadata over ZMTP metadata in case application uses same names.
-
- 01 May, 2014 2 commits
-
-
Frank authored
-
Martin Hurton authored
-
- 29 Apr, 2014 1 commit
-
-
Pieter Hintjens authored
- additional messages to help people debugging security errors
-
- 16 Feb, 2014 1 commit
-
-
Pieter Hintjens authored
- just prints server-side failures to console - can be improved over time, e.g. enabled at build time or sent to inproc debug channel
-
- 12 Jan, 2014 1 commit
-
-
Martin Hurton authored
The get_credential () member function returns credential for the last peer we received message for. The idea is that this function is used to implement user-level API.
-
- 02 Jan, 2014 1 commit
-
-
Pieter Hintjens authored
-
- 04 Oct, 2013 1 commit
-
-
Martin Hurton authored
-
- 24 Sep, 2013 1 commit
-
-
Pieter Hintjens authored
* The INITIATE command vouch box is Box[C',S](C->S') instead of Box[C'](C->S), as recommended by https://codesinchaos.wordpress.com/2012/09/09/curvecp-1/, to reduce the risk of client impersonation. * Mirrors the change in libcurve and CurveZMQ specifications.
-
- 17 Sep, 2013 2 commits
-
-
Pieter Hintjens authored
This reverts commit bfd472f9.
-
Laurent Alebarde authored
-
- 09 Sep, 2013 1 commit
-
-
Pieter Hintjens authored
* This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
-
- 04 Sep, 2013 1 commit
-
-
Pieter Hintjens authored
* Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
-
- 02 Sep, 2013 2 commits
-
-
Pieter Hintjens authored
- if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
-
Pieter Hintjens authored
- Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
-
- 20 Aug, 2013 1 commit
-
-
Jeremy Rossi authored
This change adds the socket identity infomartion from the socket to the zap frames. In doing this the ZAP is able preform different operations based on different sockets. This is not compaitable with the current ZAP RFC, but that can be updated. As the ZAP rfc is currently draft for I did not change the version number. Tests also modified and passing.
-
- 18 Jul, 2013 1 commit
-
-
Martin Hurton authored
-
- 01 Jul, 2013 1 commit
-
-
Martin Hurton authored
-
- 28 Jun, 2013 1 commit
-
-
Pieter Hintjens authored
RFC23, RFC24, RFC26 now use variable-length command names that end in null octet (valid C strings) instead of fixed-length space padded strings.
-
- 23 Jun, 2013 1 commit
-
-
Martin Hurton authored
-