Solution: like for other mechanism, do not enforce strict ZAP protocol
adherence unless the specific socket option is enabled with NULL auth.

Add test to exercise this functionality, and fix ZAP test to set the
socket option when it uses NULL auth.

See: https://github.com/zeromq/pyzmq/pull/1152

Solution: applied clang-format

mechanisms

Solution: uniformly require a ZAP domain to be set to activate ZAP
handling, clarify comment on Stonehouse pattern

Solution: emit events as expected by tests, and refuse connections when
ZAP is required but no handler started

Addresses #2711 partially

Problem: no tests for client-side events for successful handshake and authentication failure in handshake

Solution: added tests for CURVE, add emitting of client-side event in curve_client_t; add ZAP code 300/500 tests for all mechanisms; suppress sending an error message for ZAP code 300

Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy

Solution: emit socket monitor events for NULL protocol errors (like CURVE)

Solution: replaced unreachable code by assertions and adapted uses

Solution: unification, pulled up common behaviour to zap_client_t/zap_client_common_handshake_t

Solution: pull state enum up to zap_client_t and unify names of enum values

Solution: extract receive_and_process_zap_reply into zap_client_t and convert zap_client_t into base class of the server mechanism classes

Solution: Use zap_client_t::send_zap_request

Problem: null_mechanism duplicates zap_client_t::send_zap_request\nSolution: use zap_client_t::send_zap_request

* Problem: no test case with CURVE encryption and large identity

Solution: added test case (currently crashing)

* Problem: possible buffer overflow in mechanism_t::add_property

Solution: add target buffer length parameter and check the buffer is sufficiently large

* Problem: test cases accidentally excluded from build

Solution: remove #if/#endif

* Problem: possible buffer overruns related to metadata at various locations

Solution: allocate buffer large enough for actual metadata, reduce code duplication

* Problem: syntax error related to pointer type conversion

Solution: change argument type of make_command_with_basic_properties to const char *

* Problem: large metadata may cause an assertion in produce_initiate

Solution: Allow metadata of arbitrary size in produce_initiate

Solution: log that handler sent bad status code to clarify ZAP debugging

Solution: Define them in zmq.h and use them (currently in DRAFT API)

Solution: The Coverity Static Code Analyzer was used on libzmq code and found
many issues with uninitialized member variables, some redefinition of variables
hidding previous instances of same variable name and a couple of functions
where return values were not checked, even though all other occurrences were
checked (e.g. init_size() return).

Solution: Phase I - make precompiled.hpp be first file included in every source file

Solution: update to 2016

Of course people still "can" distributed the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.

Solution: specify these grants in the header of each source file.

Solution: update for 2015

Fixes #1320

NULL mechanism sends ERROR command rather than READY command when ZAP
handler rejects the ZAP request (status code != "200"). The body of
ERROR command contains the status code as returned by ZAP handler.

- additional messages to help people debugging security errors

The get_credential () member function returns
credential for the last peer we received message for.
The idea is that this function is used to implement user-level API.

* This is passed to the ZAP handler in the 'domain' field

* If not set, or empty, then NULL security does not call the ZAP handler

* This resolves the phantom ZAP request syndrome seen with sockets where
  security was never intended (e.g. in test cases)

* This means if you install a ZAP handler, it will not get any requests
  for new connections until you take some explicit action, which can be
  setting a username/password for PLAIN, a key for CURVE, or the domain
  for NULL.

* Command names changed from null terminated to length-specified
* Command frames use the correct flag (bit 2)
* test_stream acts as test case for command frames
* Some code cleanups

- Split off NULL security check from PLAIN
- Cleaned up test_linger code a little
- Got all tests to pass, added TODOs for outstanding issues
- Added ZAP authentication for NULL test case
- NULL mechanism was not passing server identity - fixed
- cleaned up test_security_plain and removed option double-checks (made code ugly)
- lowered timeout on expect_bounce_fail to 150 msec to speed up checks
- removed all sleeps from test_fork and simplified code (it still passes :-)