From 10f69c1500af39e7405b8a07b16be11c01827d70 Mon Sep 17 00:00:00 2001 From: Pieter Hintjens Date: Thu, 20 Jun 2013 18:30:30 +0200 Subject: [PATCH] Clarified man pages on mixed security --- doc/zmq_curve.txt | 13 ++++++++----- doc/zmq_setsockopt.txt | 6 ++++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/doc/zmq_curve.txt b/doc/zmq_curve.txt index e865bd68..a414dfa4 100644 --- a/doc/zmq_curve.txt +++ b/doc/zmq_curve.txt @@ -17,8 +17,11 @@ by this document: . CLIENT AND SERVER ROLES ----------------------- -A socket using CURVE can be either client or server but not both. The role -is independent of bind/connect direction. +A socket using CURVE can be either client or server, at any moment, but +not both. The role is independent of bind/connect direction. + +A socket can change roles at any point by setting new options. The role +affects all zmq_connect and zmq_bind calls that follow it. To become a CURVE server, the application sets the ZMQ_CURVE_SERVER option on the socket, and then sets the ZMQ_CURVE_SECRETKEY option to provide the @@ -27,9 +30,9 @@ socket with its long-term public key, which is used only by clients. To become a CURVE client, the application sets the ZMQ_CURVE_SERVERKEY option with the long-term public key of the server it intends to connect -to. A CURVE client can connect to (or accept connections from) at most -one CURVE server. The application then sets the ZMQ_CURVE_PUBLICKEY and -ZMQ_CURVE_SECRETKEY options with its client long-term key pair. +to, or accept connections from, next. The application then sets the +ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options with its client +long-term key pair. If the server does authentication it will be based on the client's long term public key. diff --git a/doc/zmq_setsockopt.txt b/doc/zmq_setsockopt.txt index f2d76bdf..92306596 100644 --- a/doc/zmq_setsockopt.txt +++ b/doc/zmq_setsockopt.txt @@ -13,8 +13,10 @@ SYNOPSIS *int zmq_setsockopt (void '*socket', int 'option_name', const void '*option_value', size_t 'option_len');* Caution: All options, with the exception of ZMQ_SUBSCRIBE, ZMQ_UNSUBSCRIBE, -ZMQ_LINGER, ZMQ_ROUTER_MANDATORY, ZMQ_PROBE_ROUTER, and ZMQ_XPUB_VERBOSE -only take effect for subsequent socket bind/connects. +ZMQ_LINGER, ZMQ_ROUTER_MANDATORY, ZMQ_PROBE_ROUTER, ZMQ_XPUB_VERBOSE only +take effect for subsequent socket bind/connects. Specifically, security +options take effect for subsequent binds/connects and can be changed at any +time to affect subsequent binds and/or connects. DESCRIPTION -----------