예제 #1
0
파일: zproxy.c 프로젝트: maxkozlovsky/czmq
static zsock_t *
s_self_create_socket (self_t *self, char *type_name, char *endpoints, proxy_socket selected_socket)
{
    //  This array matches ZMQ_XXX type definitions
    assert (ZMQ_PAIR == 0);
    char *type_names [] = {
        "PAIR", "PUB", "SUB", "REQ", "REP",
        "DEALER", "ROUTER", "PULL", "PUSH",
        "XPUB", "XSUB", type_name
    };
    //  We always match type at least at end of table
    int index;
    for (index = 0; strneq (type_name, type_names [index]); index++) ;
    if (index > ZMQ_XSUB) {
        zsys_error ("zproxy: invalid socket type '%s'", type_name);
        return NULL;
    }
    zsock_t *sock = zsock_new (index);
    if (sock) {
#if (ZMQ_VERSION_MAJOR == 4)
        if (self->domain [selected_socket]) {
            // Apply authentication domain
            zsock_set_zap_domain (sock, self->domain [selected_socket]);
        }
        if (self->auth_type [selected_socket] == AUTH_PLAIN) {
            // Enable plain authentication
            zsock_set_plain_server (sock, 1);
        }
        else
        if (self->auth_type [selected_socket] == AUTH_CURVE) {
            // Apply certificate keys
            char *public_key = self->public_key [selected_socket];
            assert(public_key);
            char *secret_key = self->secret_key [selected_socket];
            assert(secret_key);
            zsock_set_curve_publickey (sock, public_key);
            zsock_set_curve_secretkey (sock, secret_key);

            // Enable curve authentication
            zsock_set_curve_server (sock, 1);
        }
#endif
        if (zsock_attach (sock, endpoints, true)) {
            zsys_error ("zproxy: invalid endpoints '%s'", endpoints);
            zsock_destroy (&sock);
        }
    }
    return sock;
}
예제 #2
0
void MessageProcessor::init(int port, zcert_t* transportKey)
{
    if (port == 0) {
        OT_FAIL;
    }
    if (!zsys_has_curve()) {
        Log::vError("Error: libzmq has no libsodium support");
        OT_FAIL;
    }
    zstr_sendx(zmqAuth_, "CURVE", CURVE_ALLOW_ANY, NULL);
    zsock_wait(zmqAuth_);
    zsock_set_zap_domain(zmqSocket_, "global");
    zsock_set_curve_server(zmqSocket_, 1);
    zcert_apply(transportKey, zmqSocket_);
    zsock_bind(zmqSocket_, "tcp://*:%d", port);
}
예제 #3
0
void
zauth_test (bool verbose)
{
    printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)
    if (verbose)
        printf ("\n");

    //  @selftest
    //  Create temporary directory for test files
#   define TESTDIR ".test_zauth"
    zsys_dir_create (TESTDIR);

    //  Check there's no authentication
    zsock_t *server = zsock_new (ZMQ_PUSH);
    assert (server);
    zsock_t *client = zsock_new (ZMQ_PULL);
    assert (client);
    bool success = s_can_connect (&server, &client);
    assert (success);

    //  Install the authenticator
    zactor_t *auth = zactor_new (zauth, NULL);
    assert (auth);
    if (verbose) {
        zstr_sendx (auth, "VERBOSE", NULL);
        zsock_wait (auth);
    }
    //  Check there's no authentication on a default NULL server
    success = s_can_connect (&server, &client);
    assert (success);

    //  When we set a domain on the server, we switch on authentication
    //  for NULL sockets, but with no policies, the client connection
    //  will be allowed.
    zsock_set_zap_domain (server, "global");
    success = s_can_connect (&server, &client);
    assert (success);

    //  Blacklist 127.0.0.1, connection should fail
    zsock_set_zap_domain (server, "global");
    zstr_sendx (auth, "DENY", "127.0.0.1", NULL);
    zsock_wait (auth);
    success = s_can_connect (&server, &client);
    assert (!success);

    //  Whitelist our address, which overrides the blacklist
    zsock_set_zap_domain (server, "global");
    zstr_sendx (auth, "ALLOW", "127.0.0.1", NULL);
    zsock_wait (auth);
    success = s_can_connect (&server, &client);
    assert (success);

    //  Try PLAIN authentication
    zsock_set_plain_server (server, 1);
    zsock_set_plain_username (client, "admin");
    zsock_set_plain_password (client, "Password");
    success = s_can_connect (&server, &client);
    assert (!success);

    FILE *password = fopen (TESTDIR "/password-file", "w");
    assert (password);
    fprintf (password, "admin=Password\n");
    fclose (password);
    zsock_set_plain_server (server, 1);
    zsock_set_plain_username (client, "admin");
    zsock_set_plain_password (client, "Password");
    zstr_sendx (auth, "PLAIN", TESTDIR "/password-file", NULL);
    zsock_wait (auth);
    success = s_can_connect (&server, &client);
    assert (success);

    zsock_set_plain_server (server, 1);
    zsock_set_plain_username (client, "admin");
    zsock_set_plain_password (client, "Bogus");
    success = s_can_connect (&server, &client);
    assert (!success);

    if (zsys_has_curve ()) {
        //  Try CURVE authentication
        //  We'll create two new certificates and save the client public
        //  certificate on disk; in a real case we'd transfer this securely
        //  from the client machine to the server machine.
        zcert_t *server_cert = zcert_new ();
        assert (server_cert);
        zcert_t *client_cert = zcert_new ();
        assert (client_cert);
        char *server_key = zcert_public_txt (server_cert);

        //  Test without setting-up any authentication
        zcert_apply (server_cert, server);
        zcert_apply (client_cert, client);
        zsock_set_curve_server (server, 1);
        zsock_set_curve_serverkey (client, server_key);
        success = s_can_connect (&server, &client);
        assert (!success);

        //  Test CURVE_ALLOW_ANY
        zcert_apply (server_cert, server);
        zcert_apply (client_cert, client);
        zsock_set_curve_server (server, 1);
        zsock_set_curve_serverkey (client, server_key);
        zstr_sendx (auth, "CURVE", CURVE_ALLOW_ANY, NULL);
        zsock_wait (auth);
        success = s_can_connect (&server, &client);
        assert (success);

        //  Test full client authentication using certificates
        zcert_apply (server_cert, server);
        zcert_apply (client_cert, client);
        zsock_set_curve_server (server, 1);
        zsock_set_curve_serverkey (client, server_key);
        zcert_save_public (client_cert, TESTDIR "/mycert.txt");
        zstr_sendx (auth, "CURVE", TESTDIR, NULL);
        zsock_wait (auth);
        success = s_can_connect (&server, &client);
        assert (success);

        zcert_destroy (&server_cert);
        zcert_destroy (&client_cert);
    }
    //  Remove the authenticator and check a normal connection works
    zactor_destroy (&auth);
    success = s_can_connect (&server, &client);
    assert (success);

    zsock_destroy (&client);
    zsock_destroy (&server);

    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    assert (dir);
    zdir_remove (dir, true);
    zdir_destroy (&dir);
    //  @end
#endif
    printf ("OK\n");
}
예제 #4
0
파일: qzsock.cpp 프로젝트: digideskio/zebra
///
//  Set socket option `curve_server`.
void QZsock::setCurveServer (int curveServer)
{
    zsock_set_curve_server (self, curveServer);
    
}
예제 #5
0
파일: imczmq.c 프로젝트: dpocock/rsyslog
static rsRetVal addListener(instanceConf_t* iconf){
	DEFiRet;
	
	DBGPRINTF("imczmq: addListener called..\n");	
	struct listener_t* pData;
	CHKmalloc(pData=(struct listener_t*)MALLOC(sizeof(struct listener_t)));
	pData->ruleset = iconf->pBindRuleset;

	pData->sock = zsock_new(iconf->sockType);
	if(!pData->sock) {
		errmsg.LogError(0, RS_RET_NO_ERRCODE,
				"imczmq: new socket failed for endpoints: %s",
				iconf->sockEndpoints);
		ABORT_FINALIZE(RS_RET_NO_ERRCODE);
	}

	DBGPRINTF("imczmq: created socket of type %d..\n", iconf->sockType);	

	if(runModConf->authType) {	
		if(!strcmp(runModConf->authType, "CURVESERVER")) {
			DBGPRINTF("imczmq: we are a CURVESERVER\n");	
			zcert_t *serverCert = zcert_load(runModConf->serverCertPath);
			if(!serverCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load cert %s",
					runModConf->serverCertPath);
				ABORT_FINALIZE(RS_RET_ERR);
			}
			zsock_set_zap_domain(pData->sock, "global");
			zsock_set_curve_server(pData->sock, 1);
			zcert_apply(serverCert, pData->sock);
			zcert_destroy(&serverCert);
		}
		else if(!strcmp(runModConf->authType, "CURVECLIENT")) {
			DBGPRINTF("imczmq: we are a CURVECLIENT\n");	
			zcert_t *serverCert = zcert_load(runModConf->serverCertPath);
			if(!serverCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load cert %s",
					runModConf->serverCertPath);
				ABORT_FINALIZE(RS_RET_ERR);
			}
			const char *server_key = zcert_public_txt(serverCert);
			zcert_destroy(&serverCert);
			zsock_set_curve_serverkey(pData->sock, server_key);
			
			zcert_t *clientCert = zcert_load(runModConf->clientCertPath);
			if(!clientCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load cert %s",
					runModConf->clientCertPath);
				ABORT_FINALIZE(RS_RET_ERR);
			}
			
			zcert_apply(clientCert, pData->sock);
			zcert_destroy(&clientCert);
		}

	}

	switch(iconf->sockType) {
		case ZMQ_SUB:
#if defined(ZMQ_DISH)
		case ZMQ_DISH:
#endif
			iconf->serverish = true;
			break;
		case ZMQ_PULL:
#if defined(ZMQ_GATHER)
		case ZMQ_GATHER:
#endif
		case ZMQ_ROUTER:
#if defined(ZMQ_SERVER)
		case ZMQ_SERVER:
#endif
			iconf->serverish = true;
			break;
	}

	if(iconf->topics) {
		char topic[256];
		while(*iconf->topics) {
			char *delimiter = strchr(iconf->topics, ',');
			if(!delimiter) {
				delimiter = iconf->topics + strlen(iconf->topics);
			}
			memcpy (topic, iconf->topics, delimiter - iconf->topics);
			topic[delimiter-iconf->topics] = 0;
			DBGPRINTF("imczmq: subscribing to %s\n", topic);
			if(iconf->sockType == ZMQ_SUB) {
				zsock_set_subscribe (pData->sock, topic);
			}
#if defined(ZMQ_DISH)
			else if(iconf->sockType == ZMQ_DISH) {
				int rc = zsock_join (pData->sock, topic);
				if(rc != 0) {
					errmsg.LogError(0, NO_ERRCODE, "could not join group %s", topic);
					ABORT_FINALIZE(RS_RET_ERR);
				}
			}
#endif
			if(*delimiter == 0) {
				break;
			}
			iconf->topics = delimiter + 1;
		}
	}

	int rc = zsock_attach(pData->sock, (const char*)iconf->sockEndpoints,
			iconf->serverish);
	if (rc == -1) {
		errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s failed",
				iconf->sockEndpoints);
		ABORT_FINALIZE(RS_RET_ERR);
	}

	DBGPRINTF("imczmq: attached socket to %s\n", iconf->sockEndpoints);

	rc = zlist_append(listenerList, (void *)pData);
	if(rc != 0) {
		errmsg.LogError(0, NO_ERRCODE, "could not append listener");
		ABORT_FINALIZE(RS_RET_ERR);
	}
finalize_it:
	RETiRet;
}
예제 #6
0
파일: imczmq.c 프로젝트: henrid14/rsyslog
static rsRetVal addListener(instanceConf_t* iconf){
	struct lstn_s* pData;
	DEFiRet;

	CHKmalloc(pData=(struct lstn_s*)MALLOC(sizeof(struct lstn_s)));
	pData->next = NULL;
	pData->pRuleset = iconf->pBindRuleset;

	/* Create the zeromq socket */
	/* ------------------------ */

	pData->sock = zsock_new(iconf->sockType);
	if (!pData->sock) {
		errmsg.LogError(0, RS_RET_NO_ERRCODE,
				"imczmq: new socket failed for endpoints: %s",
				iconf->sockEndpoints);
		ABORT_FINALIZE(RS_RET_NO_ERRCODE);
	}

	DBGPRINTF ("imczmq: created socket...\n");

	/* Create the beacon actor if configured */
	/* ------------------------------------- */

	if((iconf->beacon != NULL) && (iconf->beaconPort > 0)) {
		DBGPRINTF ("imczmq: starting beacon actor...\n");

		pData->beaconActor = zactor_new(zbeacon, NULL);
		if (!pData->beaconActor) {
			errmsg.LogError(0, RS_RET_NO_ERRCODE,
					"imczmq: could not create beacon service");
			ABORT_FINALIZE (RS_RET_NO_ERRCODE);
		}

		zsock_send(pData->beaconActor, "si", "CONFIGURE", iconf->beaconPort);
		char *hostname = zstr_recv(pData->beaconActor);
		if (!*hostname) {
			errmsg.LogError(0, RS_RET_NO_ERRCODE,
					"imczmq: no UDP broadcasting available");
			ABORT_FINALIZE (RS_RET_NO_ERRCODE);
		}

		zsock_send(pData->beaconActor,
				"sbi", "PUBLISH", pData->beaconActor, strlen(iconf->beacon));

		DBGPRINTF ("omczmq: beacon is lit: hostname: '%s', port: '%d'...\n", 
			hostname, iconf->beaconPort);
	}



	DBGPRINTF("imczmq: authtype is: %s\n", iconf->authType);

	if (iconf->authType != NULL) {

		/* CURVESERVER */
		/* ----------- */

		if (!strcmp(iconf->authType, "CURVESERVER")) {

			zsock_set_zap_domain(pData->sock, "global");
			zsock_set_curve_server(pData->sock, 1);

			pData->serverCert = zcert_load(iconf->serverCertPath);
			
			if (!pData->serverCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load server cert");
				ABORT_FINALIZE(RS_RET_ERR);
			}

			zcert_apply(pData->serverCert, pData->sock);

			zstr_sendx(authActor, "CURVE", iconf->clientCertPath, NULL);
			zsock_wait(authActor);

			DBGPRINTF("imczmq: CURVESERVER: serverCertPath: '%s'\n", iconf->serverCertPath);
			DBGPRINTF("mczmq: CURVESERVER: clientCertPath: '%s'\n", iconf->clientCertPath);
		}

		/* CURVECLIENT */
		/* ----------- */

		else if (!strcmp(iconf->authType, "CURVECLIENT")) {
			if (!strcmp(iconf->clientCertPath, "*")) {
				pData->clientCert = zcert_new();
			}
			else {
				pData->clientCert = zcert_load(iconf->clientCertPath);
			}
			
			if (!pData->clientCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load client cert");
				ABORT_FINALIZE(RS_RET_ERR);
			}

			zcert_apply(pData->clientCert, pData->sock);
			pData->serverCert = zcert_load(iconf->serverCertPath);
			
			if (!pData->serverCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load server cert");
				ABORT_FINALIZE(RS_RET_ERR);
			}

			char *server_key = zcert_public_txt(pData->serverCert);
			zsock_set_curve_serverkey (pData->sock, server_key);

			DBGPRINTF("imczmq: CURVECLIENT: serverCertPath: '%s'\n", iconf->serverCertPath);
			DBGPRINTF("imczmq: CURVECLIENT: clientCertPath: '%s'\n", iconf->clientCertPath);
			DBGPRINTF("imczmq: CURVECLIENT: server_key: '%s'\n", server_key);
		}
		else {
			errmsg.LogError(0, NO_ERRCODE, "unrecognized auth type: '%s'", iconf->authType);
				ABORT_FINALIZE(RS_RET_ERR);
		}
	}

	/* subscribe to topics */
	/* ------------------- */

	if (iconf->sockType == ZMQ_SUB) {
		char topic[256], *list = iconf->topicList;
		while (list) {
			char *delimiter = strchr(list, ',');
			if (!delimiter) {
				delimiter = list + strlen (list);
			}

			if (delimiter - list > 255) {
				errmsg.LogError(0, NO_ERRCODE,
						"iconf->topicList must be under 256 characters");
				ABORT_FINALIZE(RS_RET_ERR);
			}
		
			memcpy(topic, list, delimiter - list);
			topic[delimiter - list] = 0;

			zsock_set_subscribe(pData->sock, topic);

			if (*delimiter == 0) {
				break;
			}

			list = delimiter + 1;
		}
	}

	switch (iconf->sockType) {
		case ZMQ_SUB:
			iconf->serverish = false;
			break;
		case ZMQ_PULL:
		case ZMQ_ROUTER:
			iconf->serverish = true;
			break;
	}


	int rc = zsock_attach(pData->sock, (const char*)iconf->sockEndpoints,
			iconf->serverish);
	if (rc == -1) {
		errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s",
				iconf->sockEndpoints);
		ABORT_FINALIZE(RS_RET_ERR);
	}

	/* add this struct to the global */
	/* ----------------------------- */

	if(lcnfRoot == NULL) {
		lcnfRoot = pData;
	} 
	if(lcnfLast == NULL) {
		lcnfLast = pData;
	} else {
		lcnfLast->next = pData;
		lcnfLast = pData;
	}

finalize_it:
	RETiRet;
}
예제 #7
0
JNIEXPORT void JNICALL
Java_org_zeromq_czmq_Zsock__1_1setCurveServer (JNIEnv *env, jclass c, jlong self, jint curve_server)
{
    zsock_set_curve_server ((zsock_t *) (intptr_t) self, (int) curve_server);
}
예제 #8
0
파일: omczmq.c 프로젝트: bdoin/rsyslog
static rsRetVal initCZMQ(instanceData* pData) {
	DEFiRet;

	/* tell czmq to not use it's own signal handler */
	putenv ("ZSYS_SIGHANDLER=false");

	/* create new auth actor */
	DBGPRINTF ("omczmq: starting auth actor...\n");
	pData->authActor = zactor_new (zauth, NULL);
	if (!pData->authActor) {
		errmsg.LogError (0, RS_RET_NO_ERRCODE,
				"omczmq: could not create auth service");
		ABORT_FINALIZE (RS_RET_NO_ERRCODE);
	}

	/* create our zeromq socket */
	DBGPRINTF ("omczmq: creating zeromq socket...\n");
	pData->sock = zsock_new (pData->sockType);
	if (!pData->sock) {
		errmsg.LogError (0, RS_RET_NO_ERRCODE,
				"omczmq: new socket failed for endpoints: %s",
				pData->sockEndpoints);
		ABORT_FINALIZE(RS_RET_NO_ERRCODE);
	}

	bool is_server = false;

	/* if we are a CURVE server */
	if (!strcmp(pData->authType, "CURVESERVER")) {
		DBGPRINTF("omczmq: we are a curve server...\n");
		
		is_server = true;

		/* set global auth domain */
		zsock_set_zap_domain(pData->sock, "global");

		/* set that we are a curve server */
		zsock_set_curve_server(pData->sock, 1);

		/* get and set our server cert */
		DBGPRINTF("omczmq: server cert is %s...\n", pData->serverCertPath);
		pData->serverCert = zcert_load(pData->serverCertPath);
		if (!pData->serverCert) {
			errmsg.LogError(0, NO_ERRCODE, "could not load server cert");
			ABORT_FINALIZE(RS_RET_ERR);
		}

		zcert_apply(pData->serverCert, pData->sock);

		/* set allowed clients */
		DBGPRINTF("omczmq: allowed clients are %s...\n", pData->clientCertPath);
		zstr_sendx(pData->authActor, "CURVE", pData->clientCertPath, NULL);
		zsock_wait(pData->authActor);
	}

	/* if we are a CURVE client */
	if (!strcmp(pData->authType, "CURVECLIENT")) {
		DBGPRINTF("omczmq: we are a curve client...\n");

		is_server = false;

		/* get our client cert */
		pData->clientCert = zcert_load(pData->clientCertPath);
		if (!pData->clientCert) {
			errmsg.LogError(0, NO_ERRCODE, "could not load client cert");
			ABORT_FINALIZE(RS_RET_ERR);
		}

		/* apply the client cert to the socket */
		zcert_apply(pData->clientCert, pData->sock);

		/* get the server cert */
		DBGPRINTF("omczmq: server cert is %s...\n", pData->serverCertPath);
		pData->serverCert = zcert_load(pData->serverCertPath);
		if (!pData->serverCert) {
			errmsg.LogError(0, NO_ERRCODE, "could not load server cert");
			ABORT_FINALIZE(RS_RET_ERR);
		}

		/* get the server public key and set it for the socket */
		char *server_key = zcert_public_txt(pData->serverCert);
		DBGPRINTF("omczmq: server public key is %s...\n", server_key);
		zsock_set_curve_serverkey (pData->sock, server_key);
	}

	/* we default to CONNECT unless told otherwise */
	int rc = zsock_attach(pData->sock, (const char*)pData->sockEndpoints, is_server);
	if (rc == -1) {
		errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s failed",
				pData->sockEndpoints);
		ABORT_FINALIZE(RS_RET_ERR);
	}

finalize_it:
	RETiRet;
}
예제 #9
0
파일: omczmq.c 프로젝트: haixingood/rsyslog
static rsRetVal initCZMQ(instanceData* pData) {
	DEFiRet;

	/* Turn off CZMQ signal handling */
	/* ----------------------------- */	

    putenv ("ZSYS_SIGHANDLER=false");

	/* Create the authentication actor */
	/* ------------------------------ */

	pData->authActor = zactor_new(zauth, NULL);

	if (!pData->authActor) {
		errmsg.LogError(0, RS_RET_NO_ERRCODE,
				"omczmq: could not create auth actor");
		ABORT_FINALIZE (RS_RET_SUSPENDED);
	}

	DBGPRINTF ("omczmq: auth actor started\n");

	/* Create the zeromq socket */
	/* ------------------------ */

	pData->sock = zsock_new(pData->sockType);

	if (!pData->sock) {
		errmsg.LogError(0, RS_RET_NO_ERRCODE,
				"omczmq: new socket failed for endpoints: %s",
				pData->sockEndpoints);
		ABORT_FINALIZE(RS_RET_SUSPENDED);
	}

	DBGPRINTF ("omczmq: created socket...\n");

	/* Create the beacon actor if configured */
	/* ------------------------------------- */

	if((pData->beacon != NULL) && (pData->beaconport > 0)) {

		pData->beaconActor = zactor_new(zbeacon, NULL);

		if (!pData->beaconActor) {
			errmsg.LogError(0, RS_RET_NO_ERRCODE,
					"omczmq: could not create beacon service");
			ABORT_FINALIZE (RS_RET_SUSPENDED);
		}

		zsock_send(pData->beaconActor, "si", "CONFIGURE", pData->beaconport);
		char *hostname = zstr_recv(pData->beaconActor);
		
		if (!*hostname) {
			errmsg.LogError(0, RS_RET_NO_ERRCODE,
					"omczmq: no UDP broadcasting available");
			ABORT_FINALIZE (RS_RET_SUSPENDED);
		}

		zsock_send(pData->beaconActor, "sbi", "PUBLISH", pData->beacon, strlen(pData->beacon));

		DBGPRINTF ("omczmq: beacon is lit: hostname: '%s', port: '%d'...\n", 
				hostname, pData->beaconport);

		zstr_free (&hostname);
	}

	/* Load certs for auth if auth is used */
	/* ----------------------------------- */

	if (pData->authType != NULL) {

		/* CURVESERVER */
		/* ---------- */

		if (!strcmp(pData->authType, "CURVESERVER")) {
		
			zsock_set_zap_domain(pData->sock, "global");
			zsock_set_curve_server(pData->sock, 1);

			pData->serverCert = zcert_load(pData->serverCertPath);

			if (!pData->serverCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load server cert");
				ABORT_FINALIZE(RS_RET_ERR);
			}

			zcert_apply(pData->serverCert, pData->sock);

			zstr_sendx(pData->authActor, "CURVE", pData->clientCertPath, NULL);
			zsock_wait(pData->authActor);

			DBGPRINTF("omczmq: CURVESERVER: serverCertPath: '%s'\n", pData->serverCertPath);
			DBGPRINTF("omczmq: CURVESERVER: clientCertPath: '%s'\n", pData->clientCertPath);
		}

		/* CURVECLIENT */
		/* ----------- */

		else if (!strcmp(pData->authType, "CURVECLIENT")) {
			if (!strcmp(pData->clientCertPath, "*")) {
				pData->clientCert = zcert_new();
			}
			else {
				pData->clientCert = zcert_load(pData->clientCertPath);
			}
		
			if (!pData->clientCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load client cert");
				ABORT_FINALIZE(RS_RET_ERR);
			}

			zcert_apply(pData->clientCert, pData->sock);

			pData->serverCert = zcert_load(pData->serverCertPath);

			if (!pData->serverCert) {
				errmsg.LogError(0, NO_ERRCODE, "could not load server cert");
				ABORT_FINALIZE(RS_RET_ERR);
			}

			char *server_key = zcert_public_txt(pData->serverCert);
			zsock_set_curve_serverkey (pData->sock, server_key);

			DBGPRINTF("omczmq: CURVECLIENT: serverCertPath: '%s'\n", pData->serverCertPath);
			DBGPRINTF("omczmq: CURVECLIENT: clientCertPath: '%s'\n", pData->clientCertPath);
			DBGPRINTF("omczmq: CURVECLIENT: server_key: '%s'\n", server_key);
		}
		else {
			errmsg.LogError(0, NO_ERRCODE, "unrecognized auth type: '%s'", pData->authType);
				ABORT_FINALIZE(RS_RET_ERR);
		}
	}
	
	switch (pData->sockType) {
		case ZMQ_PUB:
			pData->serverish = true;
			break;
		case ZMQ_PUSH:
		case ZMQ_DEALER:
			pData->serverish = false;
			break;
	}

	int rc = zsock_attach(pData->sock, (const char*)pData->sockEndpoints, pData->serverish);
	if (rc == -1) {
		errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s failed",
				pData->sockEndpoints);
		ABORT_FINALIZE(RS_RET_SUSPENDED);
	}

finalize_it:
	RETiRet;
}