Handle ssl: prefixed P4PORTs for Perforce 2012.1+

 






 

 


  Review Request #3714
  —
  Created Jan. 3, 2013 and submitted  — Latest diff uploaded 

 


















 

  

   Information

  





 
 

  david
 









 
 

  Review Board
 









 
 

  release-1.7.x
 









 
 

  
 









 
 

  
 






 




 

  

   Reviewers

  





 
 

  reviewboard
 









 
 

  
 






 








 





  


 
 

  
Handle ssl: prefixed P4PORTs for Perforce 2012.1+

In Perforce 2012.1, they introduced actual SSL support (instead of just
requiring everyone to set up an stunnel wrapper on both ends). This wasn't
supported in Review Board for several reasons.

First of all (and this will require some thought), p4python's build will use a
useless stub ssl library unless it's built with --ssl <path-to-libssl-dir>, and
the system has OpenSSL 1.0.1. I've added some checking to print a useful message
when we hit this case, but we'll perhaps want to make some changes to
P4PythonInstaller, or at least document how to install p4python with SSL
support.

Once I had built p4python with SSL support, I started getting an error about
accepting the certificate. I've added support to do this, which required making
the existing certificate stuff handle the case where all we know is the
certificate's fingerprint (since apparently when the added ssl support they only
went so far as to verify fingerprints instead of full certificate validation).
While I was doing this, I ran into a problem where the "I trust this host" and
"Re-edit repository" buttons were getting disabled along with the rest of the
form.

This certificate gets saved to a .p4trust file in the user's home directory. I'm
not sure if that's going to cause problems or not.

Testing done:
- Ran p4d locally on my system with a port of "ssl:1667" and self-generated
  certificates. Added the repository to reviewboard using both "ssl:1667" and
  "ssl:localhost:1667" as the path. Saw the warning about the unknown
  certificate and accepted it. The repository was correctly added.

- Re-installed the standard p4python without SSL support and tried to add an
  ssl: perforce repository. Saw the warning about p4python built without SSL
  support.

 








  


 
 

  
- Ran p4d locally on my system with a port of "ssl:1667" and self-generated
  certificates. Added the repository to reviewboard using both "ssl:1667" and
  "ssl:localhost:1667" as the path. Saw the warning about the unknown
  certificate and accepted it. The repository was correctly added.

- Re-installed the standard p4python without SSL support and tried to add an
  ssl: perforce repository. Saw the warning about p4python built without SSL
  support.