* This is passed to the ZAP handler in the 'domain' field
* If not set, or empty, then NULL security does not call the ZAP handler
* This resolves the phantom ZAP request syndrome seen with sockets where
security was never intended (e.g. in test cases)
* This means if you install a ZAP handler, it will not get any requests
for new connections until you take some explicit action, which can be
setting a username/password for PLAIN, a key for CURVE, or the domain
for NULL.
- tests that system can provide at least 1,000 sockets
- we could expand on this but this covers the main case of OS/X
having a too-low default limit of 256 handles per process
* Command names changed from null terminated to length-specified
* Command frames use the correct flag (bit 2)
* test_stream acts as test case for command frames
* Some code cleanups
- if ZAP server returns anything except 200, connection is closed
- all security tests now pass correctly
- test_security_curve now does proper client key authentication using test key
- test_security_plain now does proper password authentication
- Split off NULL security check from PLAIN
- Cleaned up test_linger code a little
- Got all tests to pass, added TODOs for outstanding issues
- Added ZAP authentication for NULL test case
- NULL mechanism was not passing server identity - fixed
- cleaned up test_security_plain and removed option double-checks (made code ugly)
- lowered timeout on expect_bounce_fail to 150 msec to speed up checks
- removed all sleeps from test_fork and simplified code (it still passes :-)
This change adds the socket identity infomartion from the socket to the
zap frames. In doing this the ZAP is able preform different operations
based on different sockets. This is not compaitable with the current ZAP
RFC, but that can be updated. As the ZAP rfc is currently draft for I
did not change the version number.
Tests also modified and passing.
This allows making a new request on a REQ socket by sending a new
message. Without the option set, calling send() after the first message
is done will continue to return an EFSM error.
It's useful for when a REQ is not getting a response. Previously that
meant creating a new socket or switching to DEALER.
* Documentation:
The default behavior of REQ sockets is to rely on the ordering of messages
to match requests and responses and that is usually sufficient. When this option
is set to 1, the REQ socket will prefix outgoing messages with an extra frame
containing a request id. That means the full message is (request id, 0,
user frames...). The REQ socket will discard all incoming messages that don't
begin with these two frames.
* Behavior change: When a REQ socket gets an invalid reply, it used to
discard the message and return EAGAIN. REQ sockets still discard
invalid messages, but keep looking at the next one automatically
until a good one is found or there are no more messages.
* Add test_req_request_ids.
* Add lb_t::sendpipe() that returns the pipe that was used for sending,
similar to fq_t::recvpipe().
* Add forwarder functions to dealer_t to access these two.
* Add logic to req_t to ignore replies on pipes that are not the one
where the request was sent.
* Enable test in test_spec_req.
* disabled the specific tests that do not work (yet) on libzmq
* cleaned up one source (test_spec_rep.c) but the others need similar work
* added sleep in test_spec_rep to allow connects time to happen; this would
not be needed if we connected out to the REP peers instead in from them,
but I didn't want to change the logic of the test code.
* See http://rfc.zeromq.org/spec:28/REQREP
* Not all testable statements are covered.
* At this point, there are several failures:
- test_spec_req: The REQ socket does not correctly discard messages
from peers that are not currently being talked to.
- test_spec_dealer/router: On disconnect, the queues seem to not be
emptied. The DEALER can still receive a message the disconnected
peer sent, the ROUTER can still send to the identity of the dis-
connected peer.
The use of binary for CURVE keys is painful; you cannot easily copy
these in e.g. email, or use them directly in source code. There are
various encoding possibilities. Base16 and Base64 are not optimal.
Ascii85 is not safe for source (it generates quotes and escapes).
So, I've designed a new Base85 encoding, Z85, which is safe to use
in code and elsewhere, and I've modified libzmq to use this where
it also uses binary keys (in get/setsockopt).
Very simply, if you use a 32-byte value, it's Base256 (binary),
and if you use a 40-byte value, it's Base85 (Z85).
I've put the Z85 codec into z85_codec.hpp, it's not elegant C++
but it is minimal and it works. Feel free to rewrap as a real class
if this annoys you.
- designed for TCP clients and servers
- added HTTP client / server example in tests/test_stream.cpp
- same as ZMQ_ROUTER + ZMQ_ROUTER_RAW + ZMQ_ROUTER_MANDATORY
- includes b893ce set ZMQ_IDENTITY on outgoing connect
- deprecates ZMQ_ROUTER_RAW
- we need to switch to PLAIN according to options.mechanism
- we need to catch case when both peers are as-server (or neither is)
- and to use username/password from options, for client
* ZMQ_PLAIN_SERVER, ZMQ_PLAIN_USERNAME, ZMQ_PLAIN_PASSWORD options
* Man page changes to zmq_setsockopt and zmq_getsockopt
* Man pages for ZMQ_NULL, ZMQ_PLAIN, and ZMQ_CURVE
* Test program test_security
1) VSM - you cannot hand out the 'data' address as it was not allocated on the heap
2) for other messages the 'data' address cannot be handed out either, as it not the address
originally returned by malloc and hence cannot be passed to 'free'.
see msg.cpp
u.lmsg.content = (content_t*) malloc (sizeof (content_t) + size_);
....
u.lmsg.content->data = u.lmsg.content + 1;
So the function is changed to always malloc a data buffer and copy the data into it.
There is a possible optimisation using memmove for the non-VSM case but that is not done yet.
* Removed or truncated sleeps so the tests run faster
* Removed dependencies on zmq_utils
* Rewrote a few tests that were confusing
* Minor code cleanups
Simplify the test connect delay test script, removing the threads and
moving to a serialised version. AFAICS this should provide the same
test, but without the race conditions that happened with the previous
test.