Add a stunnel mode for Perforce.

Review Request #2482 — Created July 15, 2011 and submitted — Latest diff uploaded

Information

Review Board

Reviewers

Add a stunnel mode for Perforce.

Out of the box, Perforce doesn't support any sort of secure connectivity. This
is an artifact of the sorts of environment that Perforce is usually run in, but
isn't really a modern approach to life (people want security even inside the
firewall).

The suggested workaround for this is to run a stunnel proxy on the server, and a
stunnel client proxy on the client. Users can then connect using a localhost:
P4PORT and the encryption will be handled by stunnel.

This change adds support for this configuration, by adding a special stunnel:
prefix to the P4PORT setting. When someone uses this prefix, the port will be
interpreted as a stunnel server to connect to. We then spin up a stunnel client
on a random port and use that as the P4PORT. When we're done, we disconnect
perforce and kill the stunnel process.

This is a little complicated in implementation because stunnel can either run in
the foreground (in which case we race to see whether we try to connect before it
listens on the local port), or it can run in the background (in which case we
race the -filesystem- for when it writes out its PID file). I've chosen the
latter case as the lesser of the two races.
- Unit tests
- Tested setting up a stunnel server and adding that repository via
  stunnel:localhost:port, and posted a review request to it. The changeset
  contents and diff loaded just fine.