| | Handle ssl: prefixed P4PORTs for Perforce 2012.1+ |
| |
|
| | In Perforce 2012.1, they introduced actual SSL support (instead of just
|
| | requiring everyone to set up an stunnel wrapper on both ends). This wasn't
|
| | supported in Review Board for several reasons. |
| |
|
| | First of all (and this will require some thought), p4python's build will use a
|
| | useless stub ssl library unless it's built with --ssl <path-to-libssl-dir>, and
|
| | the system has OpenSSL 1.0.1. I've added some checking to print a useful message
|
| | when we hit this case, but we'll perhaps want to make some changes to
|
| | P4PythonInstaller, or at least document how to install p4python with SSL
|
| | support. |
| |
|
| | Once I had built p4python with SSL support, I started getting an error about
|
| | accepting the certificate. I've added support to do this, which required making
|
| | the existing certificate stuff handle the case where all we know is the
|
| | certificate's fingerprint (since apparently when the added ssl support they only
|
| | went so far as to verify fingerprints instead of full certificate validation).
|
| | While I was doing this, I ran into a problem where the "I trust this host" and
|
| | "Re-edit repository" buttons were getting disabled along with the rest of the
|
| | form. |
| |
|
| | This certificate gets saved to a .p4trust file in the user's home directory. I'm
|
| | not sure if that's going to cause problems or not. |
| + |
|
| + | Testing done:
|
| + | - Ran p4d locally on my system with a port of "ssl:1667" and self-generated
|
| + | certificates. Added the repository to reviewboard using both "ssl:1667" and
|
| + | "ssl:localhost:1667" as the path. Saw the warning about the unknown
|
| + | certificate and accepted it. The repository was correctly added. |
| + |
|
| + | - Re-installed the standard p4python without SSL support and tried to add an
ssl: perforce repository. Saw the warning about p4python built without SSL
support.
|