
    Handle ssl: prefixed P4PORTs for Perforce 2012.1+

    Review Request #3714 — Created Jan. 4, 2013 and submitted — Latest diff uploaded

    Information

    Review Board
    release-1.7.x

    Reviewers

    Handle ssl: prefixed P4PORTs for Perforce 2012.1+
    
    In Perforce 2012.1, they introduced actual SSL support (instead of just
    requiring everyone to set up an stunnel wrapper on both ends). This wasn't
    supported in Review Board for several reasons.
    
    First of all (and this will require some thought), p4python's build will use a
    useless stub ssl library unless it's built with --ssl <path-to-libssl-dir>, and
    the system has OpenSSL 1.0.1. I've added some checking to print a useful message
    when we hit this case, but we'll perhaps want to make some changes to
    P4PythonInstaller, or at least document how to install p4python with SSL
    support.
    
    Once I had built p4python with SSL support, I started getting an error about
    accepting the certificate. I've added support to do this, which required making
    the existing certificate stuff handle the case where all we know is the
    certificate's fingerprint (since apparently when they added ssl support they only
    went so far as to verify fingerprints instead of full certificate validation).
    While I was doing this, I ran into a problem where the "I trust this host" and
    "Re-edit repository" buttons were getting disabled along with the rest of the
    form.
    
    This certificate gets saved to a .p4trust file in the user's home directory. I'm
    not sure if that's going to cause problems or not.
    
    Testing done:
    - Ran p4d locally on my system with a port of "ssl:1667" and self-generated
      certificates. Added the repository to reviewboard using both "ssl:1667" and
      "ssl:localhost:1667" as the path. Saw the warning about the unknown
      certificate and accepted it. The repository was correctly added.
    
    - Re-installed the standard p4python without SSL support and tried to add an
      ssl: perforce repository. Saw the warning about p4python built without SSL
      support.
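
The description above trusts a server by certificate fingerprint alone, after a user accepts it. As an added illustration (not code from this change, Review Board, or p4python), this sketch shows trust-on-first-use pinning and the three outcomes a caller has to distinguish; the JSON store, the SHA-256 digest, and every name here are assumptions and do not reflect the .p4trust format.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Outcomes of checking a presented fingerprint against the local store.
TRUSTED, UNKNOWN, CHANGED = "trusted", "unknown", "changed"


def fingerprint(der_cert):
    """Colon-separated SHA-256 digest of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class TrustStore:
    """Hypothetical JSON file mapping 'host:port' to a pinned fingerprint."""

    def __init__(self, path):
        self.path = path
        self.entries = {}
        if os.path.exists(path):
            with open(path) as fp:
                self.entries = json.load(fp)

    def check(self, endpoint, presented):
        known = self.entries.get(endpoint)
        if known is None:
            return UNKNOWN  # first contact: show the fingerprint, ask the user
        # Constant-time comparison of the pinned and presented values.
        if hmac.compare_digest(known, presented):
            return TRUSTED
        return CHANGED  # possible interception or a rotated certificate

    def accept(self, endpoint, presented):
        """Pin a fingerprint, only after explicit user confirmation."""
        if self.check(endpoint, presented) == CHANGED:
            # Replacing an existing pin needs a separate, deliberate action.
            raise ValueError("fingerprint changed for %s" % endpoint)
        self.entries[endpoint] = presented
        # mkstemp creates the file with mode 0600, so other local users
        # cannot read or pre-seed the store while it is being written.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fp:
            json.dump(self.entries, fp)
        os.replace(tmp, self.path)  # atomic swap, no half-written store
```

With fingerprint-only trust, the `CHANGED` outcome is the only signal that a different server is answering, so it should fail closed rather than fall through to the same "I trust this host" prompt used for first contact.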