Handle ssl: prefixed P4PORTs for Perforce 2012.1+

Review Request #3714 — Created Jan. 3, 2013 and submitted

david
Review Board
release-1.7.x
reviewboard
Handle ssl: prefixed P4PORTs for Perforce 2012.1+

In Perforce 2012.1, they introduced actual SSL support (instead of just
requiring everyone to set up an stunnel wrapper on both ends). This wasn't
supported in Review Board for several reasons.

First of all (and this will require some thought), p4python's build will use a
useless stub ssl library unless it's built with --ssl <path-to-libssl-dir>, and
the system has OpenSSL 1.0.1. I've added some checking to print a useful message
when we hit this case, but we'll perhaps want to make some changes to
P4PythonInstaller, or at least document how to install p4python with SSL
support.

Once I had built p4python with SSL support, I started getting an error about
accepting the certificate. I've added support to do this, which required making
the existing certificate stuff handle the case where all we know is the
certificate's fingerprint (since apparently when the added ssl support they only
went so far as to verify fingerprints instead of full certificate validation).
While I was doing this, I ran into a problem where the "I trust this host" and
"Re-edit repository" buttons were getting disabled along with the rest of the
form.

This certificate gets saved to a .p4trust file in the user's home directory. I'm
not sure if that's going to cause problems or not.

Testing done:
- Ran p4d locally on my system with a port of "ssl:1667" and self-generated
  certificates. Added the repository to reviewboard using both "ssl:1667" and
  "ssl:localhost:1667" as the path. Saw the warning about the unknown
  certificate and accepted it. The repository was correctly added.

- Re-installed the standard p4python without SSL support and tried to add an
  ssl: perforce repository. Saw the warning about p4python built without SSL
  support.
- Ran p4d locally on my system with a port of "ssl:1667" and self-generated
  certificates. Added the repository to reviewboard using both "ssl:1667" and
  "ssl:localhost:1667" as the path. Saw the warning about the unknown
  certificate and accepted it. The repository was correctly added.

- Re-installed the standard p4python without SSL support and tried to add an
  ssl: perforce repository. Saw the warning about p4python built without SSL
  support.
Description From Last Updated

"connecwion" -> "connection"

chipx86chipx86

The {% shouldn't be indented.

chipx86chipx86

Would be better as: $(".confirmation input") .prop("disabled", false) .click(function() { ... }); Also, in the version of jQuery we use …

chipx86chipx86
chipx86
  1. 
      
  2. reviewboard/scmtools/perforce.py (Diff revision 1)
     
     
    We actually get the error with a literal "\n" in it?
  3. reviewboard/scmtools/perforce.py (Diff revision 1)
     
     
    Can you pass self.p4.run_info directly as the function?
  4. reviewboard/scmtools/perforce.py (Diff revision 1)
     
     
    "connecwion" -> "connection"
  5. The {% shouldn't be indented.
  6. reviewboard/templates/admin/repository_fields.js (Diff revision 1)
     
     
     
     
    Would be better as:
    
    $(".confirmation input")
        .prop("disabled", false)
        .click(function() {
            ...
        });
    
    Also, in the version of jQuery we use now, prop() should be used for a bunch of things, including "disabled", rather than attr. We probably have other code to update.
    
    Can you fix the inputs.attr call too?
  7. 
      
david
chipx86
  1. Ship It!
  2. 
      
david
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-1.7.x (0f1118c).
Loading...