Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems: ZAP can be set up incorrectly, CURVE and GSSAPI can be used only with ZAP #2596

Merged
merged 3 commits into from
Jun 15, 2017
Merged

Problems: ZAP can be set up incorrectly, CURVE and GSSAPI can be used only with ZAP #2596

merged 3 commits into from
Jun 15, 2017

Conversation

bluca
Copy link
Member

@bluca bluca commented Jun 13, 2017
edited
Loading

Solutions: see commits

Fixes #2594

bluca added 3 commits June 13, 2017 22:56
@bluca
Problem: ZAP is allowed to be configured incorrectly or not to work
33695d1 
Solution: if inproc://zeromq.zap.01 exists, which means ZAP is
enabled, abort immediately if it cannot be used (eg: out of memory)
or it is configured incorrectly (eg: wrong socket type).
Otherwise authentication failures will simply be ignored and
unauthorised peers will be allowed to slip in.
@bluca
Problem: CURVE can no longer be used without ZAP
0ce18ea 
Solution: revert change that made ZAP mandatory.
The "Stonehouse" pattern, where CURVE is used only for encryption and
without authentication, is a valid use case so we should still
support it.
Also restore CURVE testing in the test_heartbeat.

Fixes zeromq#2594
@bluca
Problem: GSSAPI can no longer be used without ZAP
6ad0b08 
Solution: do not fail if ZAP is not enabled.
GSSAPI already provides authentication and can be used separately,
so it is a valid use case.
@bluca
Copy link
Member Author

bluca commented Jun 13, 2017

@evoskuil please let me know if this looks good to you - thanks!

@bluca
Copy link
Member Author

bluca commented Jun 15, 2017

Ping :-)

@bjovke
Copy link
Contributor

bjovke commented Jun 15, 2017

@bluca I can't help you here, I'm not familiar how this code works...

@evoskuil
Copy link
Contributor

Thanks for the ping. I'm traveling for the next couple weeks and I can't give a very good review of this with just my iphone. The principle is sound but just looking it over in the browser it is hard to say for sure.

@bluca
Copy link
Member Author

bluca commented Jun 15, 2017

Thanks. Then I would recommend to go ahead with the changes to unblock folks using curve, and then we can revisit and revise if necessary.

@jemc jemc merged commit 2d83acc into zeromq:master Jun 15, 2017
@bluca bluca deleted the zap_curve branch June 15, 2017 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bluca @bjovke @evoskuil @jemc