zcertstore has no API to get the disk state from a custom loader #2113

Closed
santupari opened this issue Sep 17, 2020 · 6 comments
@santupari
Contributor

Hello everyone,

We encountered 2 different issues listed below w.r.t CURVE authentication which uses zcertstore internally to store the client keys.

  1. If there are multiple client certs with the same timestamp or one of the certs has timestamp
    a. On client connection request, the certstore gets refreshed
    b. After that, a new client cert is copied or a valid cert is overwritten as the previous cert was invalid or corrupted; the certstore does not get refreshed and thereafter that connection will never be allowed, as there is no change w.r.t. timestamp, count and current size of the cert dir
  2. If an application wants to load its custom disk loader (which loads all the certs on a change), then there is no API available to access the state store in zcertstore struct.

The above issues are observed on libczmq 4.2.0 version.
I have attached test code along with the patch for zcertstore.c and zcertstore.h.

Please let me know for any clarification.

czmq_certstore_custom_loader.zip

Thanks,
Santosh Bidaralli

@bluca
Member

bluca commented Sep 17, 2020

Please send a pull request with the patches rather than attachments

@santupari
Contributor Author

Thank you @bluca. I will send the pull request at the earliest.

sappo added a commit that referenced this issue Sep 18, 2020
zcertstore has no API to get the disk state from a custom loader #2113
@stale

stale bot commented Dec 18, 2020

This issue has been automatically marked as stale because it has not had recent activity for 90 days. It will be closed if no further activity occurs within 21 days. Thank you for your contributions.

@stale stale bot added the stale label Dec 18, 2020
@Yashashree-Jadhav

Hi Everyone,

I am seeing the same issue as mentioned in the 1st bullet here:

  1. If there are multiple client certs with the same timestamp or one of the certs has timestamp. On client connection request the certstore
    gets refreshed; after that, a new client cert is copied or a valid cert is overwritten as the previous cert was invalid or corrupted,
    the certstore does not get refreshed and thereafter that connection will never be allowed, as there is no change w.r.t.
    timestamp, count and current size of the cert dir

Before jumping to 4.2.1, I am curious how the custom disk loader helps fix this issue.
I see in my case the default disk loader in zcertstore (s_disk_loader) never makes it into this if block:


    if (dir
    && (state->modified != zdir_modified (dir)
    ||  state->count != zdir_count (dir)
    ||  state->cursize != (size_t) zdir_cursize (dir)))
    {
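
Added example, not part of the thread and not CZMQ code: the quoted condition compares only modification time, file count and total size, so a same-size overwrite that lands on the same timestamp is invisible to it. The sketch below reproduces that with plain POSIX calls and shows a per-file content digest catching the change; `snap_t`, `snapshot`, `write_cert`, `overwrite_detected`, the temp path and the cert bodies are constructed for illustration, and the digest check is an assumption about what a custom loader could compare, not the patch proposed in this issue.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkdtemp */
#include <dirent.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <utime.h>
/* The three fields the quoted condition compares, plus a content digest. */
typedef struct { time_t modified; size_t count, cursize; uint64_t digest; } snap_t;
static snap_t snapshot(const char *dir) {
    snap_t s = {0, 0, 0, 0};
    DIR *d = opendir(dir);
    for (struct dirent *e; d && (e = readdir(d)); ) {
        char path[1024]; struct stat st;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) continue;  /* skips . and .. */
        if (st.st_mtime > s.modified) s.modified = st.st_mtime;
        s.count++; s.cursize += (size_t) st.st_size;
        uint64_t h = 0xcbf29ce484222325ULL;   /* FNV-1a: change detection only, not cryptographic */
        FILE *f = fopen(path, "rb");
        for (int c; f && (c = fgetc(f)) != EOF; ) h = (h ^ (uint64_t) c) * 0x100000001b3ULL;
        if (f) fclose(f);
        s.digest += h;                        /* sum is independent of readdir order */
    }
    if (d) closedir(d);
    return s;
}

static int write_cert(const char *path, const char *body, time_t mtime) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(body, f); fclose(f);
    struct utimbuf t = { mtime, mtime };      /* pin mtime so both writes share one timestamp */
    return utime(path, &t);
}
/* Bit 0: metadata comparison saw the overwrite. Bit 1: digest comparison saw it. */
int overwrite_detected(void) {
    char dir[] = "/tmp/certstore_demo_XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/client.cert", dir);
    write_cert(path, "public-key = \"constructed-key-0000\"\n", 1600300800);  /* "corrupted" */
    snap_t a = snapshot(dir);
    write_cert(path, "public-key = \"constructed-key-0001\"\n", 1600300800);  /* replacement */
    snap_t b = snapshot(dir);
    remove(path); remove(dir);
    int meta = a.modified != b.modified || a.count != b.count || a.cursize != b.cursize;
    return meta | ((a.digest != b.digest) << 1);
}

int main(void) { printf("detected mask = %d\n", overwrite_detected()); return 0; }
```

The equal timestamp is forced with `utime` so the result is deterministic; on a live system the same effect needs two writes inside one tick of the timestamp being compared.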


@stale stale bot removed the stale label Feb 10, 2021
@santupari
Contributor Author

santupari commented Feb 10, 2021 via email

@stale

stale bot commented Jun 2, 2021

This issue has been automatically marked as stale because it has not had recent activity for 90 days. It will be closed if no further activity occurs within 21 days. Thank you for your contributions.

@stale stale bot added the stale label Jun 2, 2021
@stale stale bot closed this as completed Jul 8, 2021